Trojan BHO NTLDR

Anonymous
juisterr
30 replies
 • It started 3 days ago.
  After a restart, a balloon with a security shield appeared, reporting that my registry was infected.
  Supposedly from Windows.
  After some searching I found tcpipmon.exe twice in the process list and was able to end the process tree, after which the shield disappeared.
  Also, 4 or 5 exe files keep appearing on my C: drive, which I can then delete.

  I have tried to remove the whole thing with xoftspy, spybot, ewido and bps spyware remover, without result.
  Even in safe mode, msnetax.dll for example cannot be deleted.
  Who can take a look at my log and possibly help?

  Logfile of HijackThis v1.98.2
  Scan saved at 17:27:58, on 15-3-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16414)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\ewido anti-spyware 4.0\guard.exe
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\WINDOWS\wmiprsv.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\Program Files\CyberLink\Shared files\RichVideo.exe
  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\Program Files\TopDesk\topdesk.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
  C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
  C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
  C:\Program Files\MSN Messenger\usnsvc.exe
  F:\uTorrent\utorrent.exe
  C:\Program Files\MSN Messenger\livecall.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Documents and Settings\Ricardo\Bureaublad\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.home.nl/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
  O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
  O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
  O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bzautoreparaties.spaces.live.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
  O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.lycos.nl/app/uploader/FileUploader.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
 • You are using an old version of HJT.

  Download .
  Save it to your Desktop.
  Download hijackthissetup to your Desktop.
  Double-click hijackthissetup.exe
  Follow the instructions and click Install
  A shortcut named Hijack This will appear on your Desktop
  Double-click the shortcut to start Hijackthis.


  Double-click rustbfix.exe to start the tool.
  If a Rustock.b infection is found, you will shortly afterwards be asked to restart your PC.
  The reboot will probably take some time, and a 2nd reboot may be needed.
  This happens automatically.
  After the reboot(s), 2 log files will open (C:\avenger.txt & C:\rustbfix\pelog.txt).
  Post the contents of these log files.


  Download SDFix and click "Run".
  Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably: C:\SDFix).

  Restart the PC in safe mode.
  Safe mode for Windows XP
  Restart the computer
  As soon as your computer has finished loading the BIOS (black screen with white letters, or another start screen) and just before Windows loads
  Tap the F8 key (or the F5 key) until you reach the Windows options menu
  Here choose to start in safe mode (Safe mode) using the arrow keys and then Enter

  Double-click the SDFix folder and double-click RunThis.bat to start the script.
  Type Y and press Enter to start the cleaning process.
  Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.
  The computer will then restart; this takes longer than usual.
  The fix tool will run again and continue the removal process; then "Finished" is shown. Wait patiently until you have to press a key again to end the script and reload your desktop icons.
  As soon as your desktop is back to normal, the SDFix report will open; it can also be found in the SDFix folder as Report.txt.
  Copy/paste the contents of Report.txt into your next reply here, together with a new HijackThis log

  Start Hijackthis and choose 'Do a system scan only'
  Select only the items listed below:
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
  Close all windows except Hijackthis
  Click 'Fix checked' to remove the items.

  Please post the requested logs.
  Juisterr
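
Added example (not part of the thread and not HijackThis's own code): a small Python triage that parses HijackThis log lines and lists the kinds of entries this thread deals with, so they can be reviewed by hand. The rule set and the names `triage`, `classify` and `Finding` are assumptions made for this illustration; the sample lines are copied from the first log above.

```python
import re
from collections import namedtuple

# One finding per distinct flagged entry; `count` collapses repeated lines
# (the O10 line appears 16 times in the logs above).
Finding = namedtuple("Finding", "code reason detail count")

# "O4 - HKLM\..\Run: [name] command" -> section code + remainder of the line.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*\S)\s*$")
RUN_RE = re.compile(r"Run: \[(.+?)\] (.+)$")
# A command counts as fully qualified if it starts with a drive letter or
# an environment variable, optionally quoted.
ABSOLUTE_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%)')


def classify(code, body):
    """Return (reason, detail) if the entry deserves a manual look, else None.

    These are review heuristics chosen for this example, not verdicts:
    a flagged entry still has to be judged by a person.
    """
    if code in ("R0", "R1") and body.endswith("="):
        return "browser setting with empty value", body.rstrip(" =")
    if code == "O2" and body.endswith("(no file)"):
        return "BHO registered but file missing", body
    if code == "O4":
        m = RUN_RE.search(body)
        if m and not ABSOLUTE_RE.match(m.group(2)):
            return "autorun command without full path", m.group(2)
    if code == "O7" and "DisableRegedit=1" in body:
        return "registry editor disabled by policy", body
    if code == "O10" and body.startswith("Unknown file in Winsock LSP:"):
        return "unrecognised Winsock LSP file", body.split(":", 1)[1].strip()
    return None


def triage(log_text):
    """Parse a HijackThis log and return the flagged entries in log order."""
    counts = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process path, blank line
        hit = classify(m.group(1), m.group(2))
        if hit:
            key = (m.group(1),) + hit
            counts[key] = counts.get(key, 0) + 1
    return [Finding(*key, count) for key, count in counts.items()]


# Sample: a few lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} x{f.count:<3} {f.reason}: {f.detail}")
```

The path rule also flags legitimate entries that are started by bare name, such as the `rundll32.exe bthprops.cpl` line in the full log, which is why the output is a review list rather than a removal list.
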
 • Hijack log before rustbfix:

  Logfile of HijackThis v1.99.1
  Scan saved at 21:04:12, on 15-3-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16414)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\Program Files\TopDesk\topdesk.exe
  C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\WINDOWS\system32\tcpipmon.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\WINDOWS\system32\tcpipmon.exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
  C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
  C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
  C:\Program Files\ewido anti-spyware 4.0\guard.exe
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\WINDOWS\wmiprsv.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\Program Files\CyberLink\Shared files\RichVideo.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\system32\svchost.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
  C:\Program Files\MSN Messenger\usnsvc.exe
  C:\Program Files\MSN Messenger\livecall.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Hijack This\hijackthis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.home.nl/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
  O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
  O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
  O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bzautoreparaties.spaces.live.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
  O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.lycos.nl/app/uploader/FileUploader.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
  O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: Microsoft Validation Service - Unknown owner - C:\WINDOWS\wmiprsv.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

  Rustbfix:

  ************************* Rustock.b-fix – By ejvindh *************************
  do 15-03-2007 21:04:53,89

  No Rustock.b-rootkits found

  ******************************* End of Logfile ********************************


  SDFix: Version 1.72

  Run by Ricardo - do 15-03-2007 / 21:11:47,93

  Microsoft Windows XP [versie 5.1.2600]

  Running From: C:\SDFix

  Safe Mode:
  Checking Services:

  Name:
  kprof
  poof

  \??\C:\WINDOWS\system32\kprof
  \??\C:\WINDOWS\system32\poof

  kprof Deleted
  poof Deleted


  Killing PID 232 'smss.exe'
  Killing PID 304 'winlogon.exe'

  Restoring Windows Registry Entries
  Restoring Default Hosts File


  Rebooting…

  Normal Mode:
  Checking Files:

  Below files will be copied to Backups folder then removed:

  C:\WINDOWS\lsass16.exe - Deleted
  C:\WINDOWS\system32\calc32.exe - Deleted
  C:\WINDOWS\system32\koos.exe - Deleted
  C:\WINDOWS\system32\kprof - Deleted
  C:\WINDOWS\system32\max1d1641.exe - Deleted
  C:\WINDOWS\system32\poof - Deleted
  C:\WINDOWS\system32\rpcc.dll - Deleted
  C:\WINDOWS\system32\tcpipmon.exe - Deleted
  C:\WINDOWS\system32\winsvcup.exe - Deleted
  C:\WINDOWS\system32\winupsvc.exe - Deleted
  C:\WINDOWS\Temp\ma1x1dd1.game - Deleted

  Could Not Remove C:\WINDOWS\system32\instcat.dll


  ADS Check:

  C:\WINDOWS\system32
  No streams found.


  Final Check:

  Remaining Services:
  ——————

  Authorized Application Key Export:

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
  "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
  "F:\\uTorrent\\utorrent.exe"="F:\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
  "C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:Explorer"


  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
  "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


  Remaining Files:
  —————
  C:\WINDOWS\system32\instcat.dll Found
  C:\WINDOWS\system32\max1d1641.exe Found
  C:\WINDOWS\system32\rpcc.dll Found
  C:\WINDOWS\system32\tcpipmon.exe Found
  C:\WINDOWS\Temp\ma1x1dd1.game Found

  Backups Folder: - C:\SDFix\backups\backups.zip

  Checking For Files with Hidden Attributes :

  C:\Program Files\BulletProofSoft.com\SpywareRemover\Help\Thumbs.db
  C:\Program Files\BulletProofSoft.com\SpywareRemover\LSPLang\Thumbs.db
  C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll
  C:\Program Files\eRightSoft\SUPER\cygwin1.dll
  C:\Program Files\eRightSoft\SUPER\cygz.dll
  C:\Program Files\eRightSoft\SUPER\_Setup.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll
  C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll
  C:\WINDOWS\system32\flvDX.dll
  C:\Program Files\eRightSoft\SUPER\Setup.exe
  C:\WINDOWS\wmiprsv.exe
  C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
  C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\afef19942bf45d5b7386efdd6944dce6\BIT87.tmp

  Finished

  And the last hijack log:

  Logfile of HijackThis v1.99.1
  Scan saved at 21:20:19, on 15-3-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16414)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\ewido anti-spyware 4.0\guard.exe
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\WINDOWS\wmiprsv.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\WgaTray.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\HPZipm12.exe
  C:\Program Files\CyberLink\Shared files\RichVideo.exe
  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\tcpipmon.exe
  C:\WINDOWS\system32\tcpipmon.exe
  C:\WINDOWS\system32\notepad.exe
  C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\Program Files\TopDesk\topdesk.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
  C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
  C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
  C:\Program Files\Hijack This\hijackthis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.home.nl/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
  O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
  O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bzautoreparaties.spaces.live.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
  O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.lycos.nl/app/uploader/FileUploader.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
  O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: Microsoft Validation Service - Unknown owner - C:\WINDOWS\wmiprsv.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

  5 applications and 1 file are still being created on C:

  qljtvns.exe
  tlrftvj.exe
  ufugob.exe
  bhapcqiw.exe
  jljy.exe
  -1542339326

  Also still 2x tcpipmon in the processes.


  O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
  This one was not listed; I also got a winlogon error when restarting.
 • Download Dr.Web CureIt to your desktop:
  ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  Double-click drweb-cureit.exe and allow it to start the express scan.
  This will scan the files currently loaded in memory; when something is found, click the Yes to all button when asked 'cure it?'. This is only a short scan.
  Once the short scan has finished, click Options > Change Settings
  Choose the "Scan" tab and uncheck "Heuristic analyse"
  Back in the main window you can select the drives you want to scan.
  Select all drives here. A red dot will then appear on the drives that will be scanned.
  Then click the green arrow on the right to start the scan.
  Click 'Yes to all' when asked whether to perform cure or move.
  When the scan is done, check whether you can click the following icon, shown next to the items that were found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
  If so, click it, then click the icon just below it and choose: Move incurable, as you will see in the following image:
  http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
  This will move the files to the following folder, %userprofile%\DoctorWeb\quarantaine-folder, if they cannot be disinfected (in case we need samples).
  After selecting the above, in the menu at the top of Dr.Web CureIt, click file and choose save report list. Save the log to your desktop.
  Then close Dr.Web CureIt.

  Restart your computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
  After restarting, copy and paste the contents of the log you saved earlier into your next post.

  Download:
  Save the file to your desktop, then double-click it.
  The uninstaller of a rogue scanner may start; do not close it, but let it do its work.

  Then restart the PC and double-click RemoveVideoActiveXObject.exe once more.
  Then post the log C:\RVAXO-results.log in your next message, together with a new HijackThis log.

  Download the file and save it to your desktop, then double-click it.
  If an uninstaller becomes active, let it do its work.
  Restart the PC and then double-click RemoveVideoActiveXObject.exe once more.
  Then post a HijackThis log.
 • mssrs32.exe;c:\program files\common files\system;Probably DLOADER.Trojan;Will be moved after reboot.;
  instcat.dll;c:\windows\system32;Trojan.Proxy.1387;Will be cured after reboot.;
  msnetax.dll;c:\windows\system32;Trojan.Sender;Will be cured after reboot.;
  tcpipmon.exe;c:\windows\system32;Trojan.Fakealert.257;Will be cured after reboot.;
  bhapcqiw.exe;C:\;Trojan.Fakealert.257;Deleted.;
  jljy.exe;C:\;Trojan.DownLoader.19378;Deleted.;
  tlrftvj.exe\data001;C:\tlrftvj.exe;Trojan.Sklog;;
  tlrftvj.exe\data002;C:\tlrftvj.exe;Trojan.NtRootKit.218;;
  tlrftvj.exe\data003;C:\tlrftvj.exe;Trojan.NtRootKit.219;;
  tlrftvj.exe;C:\;Archive contains infected objects;Moved.;
  ufugob.exe;C:\;Trojan.DownLoader.19256;Deleted.;
  Inst.exe;C:\ADCDTEMP;Win32.Parite.2;Cured.;
  REGUPDATE.exe;C:\ADCDTEMP;Win32.Parite.2;Cured.;
  agmjxkuurb[1].txt;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JNS9SUM0;Trojan.DownLoader.19378;Deleted.;
  kqwgtddn[1].htm;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JNS9SUM0;Trojan.Fakealert.257;Deleted.;
  yroln[1].htm;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JNS9SUM0;Win32.HLLM.Bid;Deleted.;
  yroln[2].htm;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JNS9SUM0;Win32.HLLM.Bid;Deleted.;
  zspzmwkg[1].htm\data001;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OV0BC5CT\zspzmwkg[1].htm;Trojan.Sklog;;
  zspzmwkg[1].htm\data002;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OV0BC5CT\zspzmwkg[1].htm;Trojan.NtRootKit.218;;
  zspzmwkg[1].htm\data003;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OV0BC5CT\zspzmwkg[1].htm;Trojan.NtRootKit.219;;
  zspzmwkg[1].htm;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OV0BC5CT;Archive contains infected objects;Moved.;
  hjgddaoxuh[1].htm;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WNIBGH29;Trojan.DownLoader.19256;Deleted.;
  hjgddaoxuh[2].htm;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WNIBGH29;Trojan.DownLoader.19256;Deleted.;
  ose00000.exe;C:\Documents and Settings\Ricardo\Local Settings\Temp;Win32.Parite.2;Cured.;
  Process.exe;C:\SDFix\apps;Tool.Prockill;Moved.;
  A0010063.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89;Win32.HLLM.Bid;Deleted.;
  A0010066.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89;Trojan.Fakealert.257;Deleted.;
  A0010067.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89;Trojan.DownLoader.19378;Deleted.;
  A0010095.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89;Trojan.Fakealert.257;Deleted.;
  A0010096.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89;Trojan.DownLoader.19378;Deleted.;
  A0010097.dll;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89;Win32.HLLM.Bid;Deleted.;
  A0010166.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89;Trojan.Fakealert.257;Deleted.;
  A0010194.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89;Trojan.Fakealert.257;Deleted.;
  A0010199.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89;Trojan.Fakealert.257;Deleted.;
  A0010208.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89;Trojan.Fakealert.257;Deleted.;
  A0010215.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP90;Trojan.Fakealert.257;Deleted.;
  A0010216.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP90;Trojan.DownLoader.19378;Deleted.;
  A0010225.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP90;Trojan.Fakealert.257;Deleted.;
  A0010235.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP90;Trojan.Fakealert.257;Deleted.;
  MFEX-2.DAT;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP90\snapshot;Trojan.Fakealert.257;Deleted.;
  A0010275.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP92;Trojan.Fakealert.257;Deleted.;
  A0010340.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP93;Trojan.Fakealert.257;Deleted.;
  A0010341.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP93;Trojan.Fakealert.257;Deleted.;
  A0010342.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP93;Trojan.DownLoader.19378;Deleted.;
  A0010357.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP93;Trojan.DownLoader.19378;Deleted.;
  A0010358.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP93;Trojan.Fakealert.257;Deleted.;
  A0010375.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP93;Trojan.Fakealert.257;Deleted.;
  A0010376.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP93;Trojan.DownLoader.19378;Deleted.;
  A0010452.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94;Trojan.Fakealert.257;Deleted.;
  A0010464.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94;Trojan.Fakealert.257;Deleted.;
  A0010465.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94;Trojan.DownLoader.19378;Deleted.;
  A0010466.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94;Trojan.Fakealert.257;Deleted.;
  A0010475.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94;Trojan.Fakealert.257;Deleted.;
  A0010476.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94;Trojan.DownLoader.19378;Deleted.;
  A0010481.dll;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94;Win32.HLLM.Bid;Deleted.;
  A0010484.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94;Trojan.Fakealert.257;Deleted.;
  A0010494.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94;Trojan.Fakealert.257;Deleted.;
  A0010499.dll;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94;Win32.HLLM.Bid;Deleted.;
  A0010505.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94;Trojan.Fakealert.257;Deleted.;
  A0010507.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94;Trojan.Fakealert.257;Deleted.;
  A0010536.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP95;Trojan.Fakealert.257;Deleted.;
  A0010542.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP95;Trojan.Fakealert.257;Deleted.;
  A0011687.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96;BackDoor.IRC.Sdbot;Deleted.;
  A0011688.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96;Trojan.DownLoader.15408;Deleted.;
  A0011689.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96;Trojan.Sklog;Deleted.;
  A0011690.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96;Dialer.Maxd;Deleted.;
  A0011691.dll;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96;Win32.HLLM.Bid;Deleted.;
  A0011692.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96;Trojan.Fakealert.257;Deleted.;
  A0011698.dll;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96;Trojan.Proxy.1387;Deleted.;
  A0011699.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96;Trojan.DownLoader.15408;Deleted.;
  A0011700.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96;Trojan.Sklog;Deleted.;
  A0011701.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96;BackDoor.IRC.Sdbot;Deleted.;
  A0011702.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96;Dialer.Maxd;Deleted.;
  A0011703.dll;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96;Win32.HLLM.Bid;Deleted.;
  A0011704.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96;Trojan.Fakealert.257;Deleted.;
  A0011730.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96;Win32.HLLM.Bid;Deleted.;
  A0011731.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96;Trojan.DownLoader.19256;Deleted.;
  A0011732.exe\data001;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96\A0011732.exe;Trojan.Sklog;;
  A0011732.exe\data002;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96\A0011732.exe;Trojan.NtRootKit.218;;
  A0011732.exe\data003;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96\A0011732.exe;Trojan.NtRootKit.219;;
  A0011732.exe;C:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96;Archive contains infected objects;Moved.;
  exec1.exe;C:\WINDOWS\system32;Win32.Parite.2;Cured.;
  exec2.exe;C:\WINDOWS\system32;BackDoor.IRC.Sdbot;Deleted.;
  instcat.dll;C:\WINDOWS\system32;Trojan.Proxy.1387;Will be cured after reboot.;
  max1d1641.exe;C:\WINDOWS\system32;Dialer.Maxd;Deleted.;
  msnetax.dll;C:\WINDOWS\system32;Trojan.Sender;Will be cured after reboot.;
  tcpipmon.exe;C:\WINDOWS\system32;Trojan.Fakealert.257;Will be cured after reboot.;
  ma1x1dd1.game;C:\WINDOWS\Temp;Dialer.Maxd;Deleted.;
  tcpipmon.exe;C:\WINDOWS\Temp;Trojan.Fakealert.257;Deleted.;
  RemoveWGA.exe;D:\eMule\Incoming\Windows XP Pro Corp NL SP3 aug 2006 + Retail upgr Key (Ghost168 Wga Patch)\Disable WGA Check & Notifications\;Tool.RemoveWGA;Moved.;
  TipTopDeluxe_v11.exe;D:\from DC\ready\All (15) Popcap Games With Keygens 2004.05.04 (Alchemy Astropop Atomica Bejeweled Big Money Bookworm Dynomite ;Tool.ASEye.2;Moved.;
  Patch.exe;D:\from DC\ready\AudioDVDCreator.v1.85-RESURRECTiON\Patch;Tool.ASEye.2;Moved.;
  A0005701.exe;D:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP61;Win32.Parite.2;Cured.;
  A0005701.exe;D:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP61;Win32.Parite.2;Cured.;
  kerstverlichting.exe;F:\BitComet\Downloads\03-ULTIMATE;Joke.Xmas;Moved.;
  A0003817.exe;F:\System Volume Information\_restore{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP42;Modification of BackDoor.Generic.824;Moved.;

  —————-RemoveVideoActiveXObject.exe first run————-

  Files found:

  C:\WINDOWS\system32\rpcc.dll

  Uninstallers Rogue scanners:


  Folders Found:


  ————–RemoveVideoActiveXObject.exe last run—————

  Files found:


  Uninstallers Rogue scanners:


  Folders Found:

  Logfile of HijackThis v1.99.1
  Scan saved at 0:52:23, on 16-3-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16414)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\WgaTray.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\ewido anti-spyware 4.0\guard.exe
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\WINDOWS\wmiprsv.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\Program Files\CyberLink\Shared files\RichVideo.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\Program Files\TopDesk\topdesk.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\Program Files\Hijack This\hijackthis.exe
  C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
  O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
  O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O10 - Broken Internet access because of LSP provider 'c:\windows\system32\msnetax.dll' missing
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bzautoreparaties.spaces.live.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
  O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.lycos.nl/app/uploader/FileUploader.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O20 - Winlogon Notify: instcat - instcat.dll (file missing)
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: Microsoft Validation Service - Unknown owner - C:\WINDOWS\wmiprsv.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 • Needless to say, you are/were quite badly infected; a lot is already gone, but not everything yet.


  Download to your Desktop (by Deckard).
  - Close all applications and windows.
  - Double-click Comboscan.exe to run it, and follow the prompts.
  - When the scan is complete, a text file - ComboScan.txt - will open.
  - Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt into your next reply.
 • ComboScan v20070306.20 run by Ricardo on 2007-03-16 at 10:46:32
  Computer is in Normal Mode.
  ——————————————————————————–
  – HijackThis (run as Ricardo.exe) ———————————————

  Logfile of HijackThis v1.99.1
  Scan saved at 10:46:40, on 16-3-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16414)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\WgaTray.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\ewido anti-spyware 4.0\guard.exe
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\WINDOWS\wmiprsv.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\Program Files\CyberLink\Shared files\RichVideo.exe
  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\Program Files\TopDesk\topdesk.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
  C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
  C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
  C:\Program Files\MSN Messenger\usnsvc.exe
  C:\Program Files\MSN Messenger\livecall.exe
  C:\WINDOWS\system32\svchost.exe
  F:\uTorrent\utorrent.exe
  C:\Documents and Settings\Ricardo\Bureaublad\comboscan.exe
  C:\PROGRA~1\HIJACK~1\Ricardo.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
  O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
  O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bzautoreparaties.spaces.live.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
  O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.lycos.nl/app/uploader/FileUploader.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O20 - Winlogon Notify: instcat - instcat.dll (file missing)
  O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: Microsoft Validation Service - Unknown owner - C:\WINDOWS\wmiprsv.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


  – Files created between 2007-02-16 and 2007-03-16 —————————–

  2007-03-16 01:02:44 13824 –a—— C:\WINDOWS\system32\max1d1641.exe<MAX1D1~1.EXE>
  2007-03-16 01:02:43 30720 –a—— C:\WINDOWS\system32\tcpipmon.exe
  2007-03-16 01:02:41 30720 –a—— C:\WINDOWS\system32\rpcc.dll
  2007-03-16 01:01:57 20480 –a—— C:\WINDOWS\system32\msnetax.dll
  2007-03-16 00:52:05 16768 –a—— C:\WINDOWS\system32\RemoveVideoActiveXObject.reg<REMOVE~1.REG>
  2007-03-15 22:00:10 0 d——– C:\Documents and Settings\Ricardo\DoctorWeb<DOCTOR~1>
  2007-03-15 21:04:53 0 d——– C:\Rustbfix
  2007-03-15 20:57:47 0 d——– C:\Program Files\Hijack This<HIJACK~1>
  2007-03-15 20:56:59 0 d——– C:\SDFix
  2007-03-15 15:23:39 0 d——– C:\Program Files\XoftSpySE<XOFTSP~1>
  2007-03-15 10:23:31 423784 –a—— C:\WINDOWS\system32\XceedBkp.dll
  2007-03-15 10:23:30 101888 –a—— C:\WINDOWS\system32\VB6STKIT.DLL
  2007-03-15 10:14:28 0 d——– C:\Program Files\BulletProofSoft.com<BULLET~1.COM>
  2007-03-13 22:21:10 0 d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
  2007-03-13 09:20:03 0 d——– C:\Program Files\Alcohol Soft<ALCOHO~1>
  2007-03-11 18:23:20 0 d——– C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage<OFFICE~1>
  2007-03-11 18:23:17 0 d——– C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
  2007-03-11 18:07:01 69632 –a—— C:\WINDOWS\system32\remove.exe
  2007-03-10 23:19:14 0 d——– C:\Program Files\RegCure
  2007-03-10 22:07:41 223128 –a—— C:\WINDOWS\system32\drivers\vaxscsi.sys
  2007-03-10 21:54:29 1239040 -r-hs—- C:\WINDOWS\wmiprsv.exe
  2007-03-10 21:54:27 0 d——– C:\WINDOWS\in
  2007-03-09 11:24:38 159744 –a—— C:\WINDOWS\system32\lfpng13n.dll
  2007-03-09 11:24:35 69632 –a—— C:\WINDOWS\system32\lfgif13n.dll
  2007-03-09 11:24:34 462848 –a—— C:\WINDOWS\system32\ltkrn13n.dll
  2007-03-09 11:24:34 450560 –a—— C:\WINDOWS\system32\ltimg13n.dll
  2007-03-09 11:24:34 163840 –a—— C:\WINDOWS\system32\ltfil13n.dll
  2007-03-09 11:24:34 206336 –a—— C:\WINDOWS\system32\ltefx13n.dll
  2007-03-09 11:24:34 299008 –a—— C:\WINDOWS\system32\ltdis13n.dll
  2007-03-09 11:24:34 401408 –a—— C:\WINDOWS\system32\lfcmp13n.dll
  2007-03-09 11:24:34 57344 –a—— C:\WINDOWS\system32\lfbmp13n.dll
  2007-03-06 19:44:18 0 d——– C:\Program Files\PC Inspector File Recovery<PCINSP~1>
  2007-03-06 19:37:13 44544 –a—— C:\WINDOWS\system32\Gif89.dll
  2007-03-06 19:37:13 0 d——– C:\Program Files\Convar
  2007-03-06 19:37:12 512688 –a—— C:\WINDOWS\system32\XceedCry.dll
  2007-03-06 19:37:12 118784 –a—— C:\WINDOWS\system32\DartWeb.dll
  2007-03-06 19:37:12 217088 –a—— C:\WINDOWS\system32\DartSock.dll
  2007-03-06 19:37:11 89360 –a—— C:\WINDOWS\system32\VB5DB.DLL
  2007-03-06 13:02:42 0 d——– C:\Bdienst
  2007-03-05 08:19:16 70656 –a—— C:\WINDOWS\system32\yv12vfw.dll
  2007-03-05 08:19:16 845312 –a—— C:\WINDOWS\system32\Smab.dll
  2007-03-05 08:19:16 70656 –a—— C:\WINDOWS\system32\i420vfw.dll
  2007-03-05 08:19:16 719872 –a—— C:\WINDOWS\system32\devil.dll
  2007-03-05 08:19:16 27648 –a—— C:\WINDOWS\system32\AVSredirect.dll<AVSRED~1.DLL>
  2007-03-05 08:19:16 306688 –a—— C:\WINDOWS\system32\avisynth.dll
  2007-03-05 08:19:16 66560 –a—— C:\WINDOWS\MOTA113.exe
  2007-03-05 08:19:16 217073 –a—— C:\WINDOWS\meta4.exe
  2007-03-05 08:19:15 0 d——– C:\WINDOWS\system32\ShellDHCP<SHELLD~1>
  2007-03-05 08:19:15 0 d——– C:\Program Files\AviSynth 2.5<AVISYN~1.5>
  2007-03-05 08:19:06 163328 -r-hs—- C:\WINDOWS\system32\flvDX.dll
  2007-03-05 08:19:01 0 d——– C:\Program Files\eRightSoft<ERIGHT~1>
  2007-03-03 18:42:53 0 d——– C:\WINDOWS\system32\NtmsData
  2007-02-28 14:20:36 0 d——– C:\WINDOWS\speech
  2007-02-28 14:20:34 0 d——– C:\WINDOWS\lhsp
  2007-02-28 14:20:05 640512 –a—— C:\WINDOWS\system32\Oc30.dll
  2007-02-28 14:20:05 159744 –a—— C:\WINDOWS\system32\Mfcans32.dll
  2007-02-25 13:48:03 0 d——– C:\Program Files\HooTech
  2007-02-25 13:35:11 0 d——– C:\Program Files\QuickTime<QUICKT~1>
  2007-02-25 13:34:39 0 d——– C:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1>
  2007-02-25 13:34:12 0 d——– C:\Program Files\Vertical Moon<VERTIC~1>
  2007-02-22 21:43:32 0 d——– C:\Program Files\TopDesk
  2007-02-22 20:54:02 0 d——– C:\Pinball Arcade<PINBAL~1>
  2007-02-22 13:33:48 0 d——– C:\Documents and Settings\All Users\Application Data\Zylom
  2007-02-21 19:51:01 18934 –a—— C:\WINDOWS\BricoPackUninst.cmd<BRICOP~2.CMD>
  2007-02-21 19:49:05 619 –a—— C:\WINDOWS\BricoPackFoldersDelete.cmd<BRICOP~1.CMD>
  2007-02-21 19:48:12 0 d——– C:\WINDOWS\BricoPacks<BRICOP~1>
  2007-02-21 13:47:07 0 d——– C:\Program Files\Any Video Converter<ANYVID~1>
  2007-02-19 19:58:14 0 d——– C:\Program Files\ewido anti-spyware 4.0<EWIDOA~1.0>
  2007-02-19 19:39:42 0 d——– C:\Program Files\Trend Micro<TRENDM~1>
  2007-02-19 09:03:11 74240 –a—— C:\WINDOWS\system32\exec1.exe
  2007-02-19 09:03:10 11776 –a—— C:\WINDOWS\system32\drivers\oyiujgjq.sys
  2007-02-19 08:55:31 0 d——– C:\Documents and Settings\Ricardo\Application Data\MCMPEGEnc<MCMPEG~1>
  2007-02-19 08:55:16 0 d——– C:\Program Files\MainConcept<MAINCO~1>
  2007-02-18 15:36:58 0 d–h—– C:\WINDOWS\PIF
  2007-02-17 18:14:58 5504 –a—— C:\WINDOWS\system32\drivers\xmasscsi.sys
  2007-02-17 18:14:58 140800 –a—— C:\WINDOWS\system32\drivers\xmasbus.sys
  2007-02-17 11:40:32 0 d——– C:\Documents and Settings\Ricardo\Application Data\DVD Shrink<DVDSHR~1>
  2007-02-16 16:23:34 0 d——– C:\Program Files\Apoint2K
  2007-02-16 16:23:31 0 d——– C:\WINDOWS\system32\ReinstallBackups<REINST~1>
  2007-02-16 16:21:48 0 d——– C:\WINDOWS\ie7updates<IE7UPD~1>


  – Find3M Report —————————————————————

  2007-03-16 10:46:38 0 d——– C:\Documents and Settings\Ricardo\Application Data\uTorrent
  2007-03-16 01:04:18 0 d—s—- C:\Documents and Settings\Ricardo\Application Data\Microsoft<MICROS~1>
  2007-03-15 11:59:37 0 d——– C:\Program Files\XoftSpy
  2007-03-15 09:58:10 503234 –a—— C:\WINDOWS\system32\perfh013.dat
  2007-03-15 09:58:10 88926 –a—— C:\WINDOWS\system32\perfc013.dat
  2007-03-07 14:14:17 113406 –a—— C:\WINDOWS\hpoins07.dat
  2007-03-07 14:13:53 0 d——– C:\Program Files\HP
  2007-03-07 14:05:33 0 d——– C:\Documents and Settings\Ricardo\Application Data\Image Zone Express<IMAGEZ~1>
  2007-03-06 19:44:17 0 d–h—– C:\Program Files\InstallShield Installation Information<INSTAL~1>
  2007-03-04 20:56:05 0 d——– C:\Documents and Settings\Ricardo\Application Data\Ahead
  2007-02-25 20:37:42 0 d——– C:\Program Files\Real
  2007-02-21 19:51:00 219136 –a—— C:\WINDOWS\system32\uxtheme.dll
  2007-02-14 21:43:03 0 d——– C:\Documents and Settings\Ricardo\Application Data\Sun
  2007-02-14 21:42:49 0 d——– C:\Program Files\Java
  2007-02-14 21:41:55 0 d——– C:\Program Files\Common Files\Java
  2007-02-14 12:35:53 0 d——– C:\Documents and Settings\Ricardo\Application Data\Macromedia<MACROM~1>
  2007-02-13 22:31:12 0 d——– C:\Program Files\Common Files\Motorola Shared<MOTORO~1>
  2007-02-13 21:22:33 0 d——– C:\Program Files\USR
  2007-02-11 15:11:28 0 d——– C:\Program Files\Nokia
  2007-02-08 14:53:37 0 d——– C:\Program Files\Common Files\HP
  2007-02-08 14:46:48 2099 –a—— C:\Documents and Settings\Ricardo\Application Data\HPSU_48BitScanUpdate.log<HPSU_4~1.LOG>
  2007-02-08 14:44:53 40026 –a—— C:\Documents and Settings\Ricardo\Application Data\Update_HP_RedboxHprblog_HPSU.log<UPDATE~1.LOG>
  2007-02-08 14:44:42 139264 –a—— C:\WINDOWS\system32\hpzjrd01.dll
  2007-02-08 14:43:50 0 d——– C:\Documents and Settings\Ricardo\Application Data\HP
  2007-02-08 14:01:47 0 d——– C:\Documents and Settings\Ricardo\Application Data\ArcSoft
  2007-02-06 15:00:40 0 d——– C:\Program Files\Elecard
  2007-02-06 14:59:32 0 d——– C:\Documents and Settings\Ricardo\Application Data\Leadertech<LEADER~1>
  2007-02-06 14:25:53 0 d——– C:\Program Files\Common Files\Autodata Limited Shared<AUTODA~1>
  2007-02-05 09:56:25 0 d——– C:\Program Files\DivX
  2007-02-04 17:20:26 0 d——– C:\Program Files\LiveUpdate<LIVEUP~1>
  2007-02-04 17:20:09 0 d——– C:\Program Files\mobile PhoneTools<MOBILE~2>
  2007-02-04 17:18:00 0 d——– C:\Program Files\Common Files\InstallShield<INSTAL~1>
  2007-02-04 17:17:45 0 d——– C:\Program Files\Motorola
  2007-02-02 00:25:13 0 d——– C:\Documents and Settings\Ricardo\Application Data\DivX
  2007-02-02 00:21:17 0 d——– C:\Documents and Settings\Ricardo\Application Data\Real
  2007-02-02 00:19:23 0 d——– C:\Program Files\Common Files\xing shared<XINGSH~1>
  2007-02-02 00:19:20 0 d——– C:\Program Files\Common Files\Real
  2007-02-01 17:28:51 55949 –a—— C:\WINDOWS\system32\x264-uninstall.exe<X264-U~1.EXE>
  2007-02-01 17:21:09 0 d——– C:\Program Files\CyberLink<CYBERL~1>
  2007-02-01 17:19:14 0 d——– C:\Documents and Settings\Ricardo\Application Data\CyberLink<CYBERL~1>
  2007-02-01 17:10:29 0 d——– C:\Program Files\WMV9_VCM
  2007-02-01 17:05:51 0 d——– C:\Program Files\Windows Media Bonus Pack for Windows XP<WI12E0~1>
  2007-02-01 13:33:16 0 d——– C:\Program Files\Gadwin Systems<GADWIN~1>
  2007-02-01 09:53:45 0 d——– C:\Documents and Settings\Ricardo\Application Data\Adobe
  2007-02-01 05:56:06 823296 –a—— C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
  2007-02-01 05:56:05 802816 –a—— C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
  2007-02-01 05:56:05 823296 –a—— C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
  2007-02-01 05:56:04 639066 –a—— C:\WINDOWS\system32\DivX.dll
  2007-01-31 22:27:01 524288 –a—— C:\WINDOWS\system32\DivXsm.exe
  2007-01-31 00:15:10 118784 –a—— C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
  2007-01-30 22:45:32 0 d——– C:\Program Files\MSN Messenger<MSNMES~1>
  2007-01-30 21:16:20 0 d——– C:\Program Files\Mobile Phone Manager<MOBILE~1>
  2007-01-30 17:52:43 0 d——– C:\Documents and Settings\Ricardo\Application Data\AdobeUM
  2007-01-30 12:19:30 0 d——– C:\Program Files\RegCleaner<REGCLE~1>
  2007-01-30 06:03:40 3596288 –a—— C:\WINDOWS\system32\qt-dx331.dll
  2007-01-30 05:56:56 73728 –a—— C:\WINDOWS\system32\dpl100.dll
  2007-01-30 05:35:26 0 d——– C:\Program Files\Microsoft Works<MIF2B0~1>
  2007-01-30 05:35:11 0 d——– C:\Program Files\MSBuild
  2007-01-30 05:33:56 0 d——– C:\Program Files\Microsoft.NET<MICROS~1.NET>
  2007-01-30 05:31:45 0 d——– C:\Program Files\Analog Devices<ANALOG~1>
  2007-01-30 05:30:29 0 d——– C:\Program Files\Microsoft Visual Studio 8<MICROS~3>
  2007-01-30 05:19:56 0 d——– C:\Program Files\Common Files\LightScribe<LIGHTS~1>
  2007-01-30 05:19:34 0 d——– C:\Program Files\Common Files\Ahead
  2007-01-30 05:15:26 0 d——– C:\Program Files\Nero
  2007-01-30 05:08:29 0 d——– C:\Program Files\MSXML 4.0<MSXML4~1.0>
  2007-01-30 04:57:29 0 d——– C:\Program Files\Elaborate Bytes<ELABOR~1>
  2007-01-30 04:54:24 0 d——– C:\Program Files\Intuwave
  2007-01-30 04:53:54 0 d——– C:\Program Files\Common Files\Nokia
  2007-01-30 04:43:40 0 d——– C:\Documents and Settings\Ricardo\Application Data\Identities<IDENTI~1>
  2007-01-30 04:40:29 0 d——– C:\Program Files\Hewlett-Packard<HEWLET~1>
  2007-01-30 04:38:05 0 d——– C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
  2007-01-30 04:29:52 0 d——– C:\Program Files\Sitecom
  2007-01-30 04:04:30 0 d——– C:\Program Files\Reference Assemblies<REFERE~1>
  2007-01-30 04:02:33 0 d——– C:\Program Files\Windows Media Connect 2<WINDOW~3>
  2007-01-30 03:44:45 0 d——– C:\Program Files\Common Files\Adobe
  2007-01-30 03:35:35 0 d——– C:\Program Files\xat.com Image Optimizer<XAT~1.COM>
  2007-01-30 03:33:59 0 d——– C:\Program Files\coverXP
  2007-01-30 03:09:39 0 d——– C:\Program Files\Common Files\ODBC
  2007-01-30 03:09:34 0 d——– C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
  2007-01-30 03:08:55 62 –ahs—- C:\Documents and Settings\Ricardo\Application Data\desktop.ini
  2007-01-30 02:27:53 0 d——– C:\Program Files\microsoft frontpage<MICROS~1>
  2007-01-30 02:27:28 0 -rahs—- C:\MSDOS.SYS
  2007-01-30 02:27:28 0 -rahs—- C:\IO.SYS
  2007-01-30 02:27:28 0 –a—— C:\CONFIG.SYS
  2007-01-30 02:27:28 0 –a—— C:\AUTOEXEC.BAT
  2007-01-30 02:25:50 0 d–h—– C:\Program Files\WindowsUpdate<WINDOW~4>
  2007-01-30 02:23:07 0 d——– C:\Program Files\Common Files\MSSoap
  2007-01-30 02:22:31 0 d——– C:\Program Files\Movie Maker<MOVIEM~1>
  2007-01-30 02:20:33 21748 –a—— C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
  2007-01-30 02:19:49 0 d——– C:\Program Files\MSN Gaming Zone<MSNGAM~1>
  2007-01-30 02:19:36 0 d——– C:\Program Files\Windows NT<WINDOW~1>
  2007-01-29 09:58:06 60416 —–n— C:\WINDOWS\system32\tzchange.exe
  2007-01-26 02:19:00 118520 —–n— C:\WINDOWS\system32\pxinsi64.exe
  2007-01-26 02:19:00 116472 —–n— C:\WINDOWS\system32\pxcpyi64.exe
  2007-01-26 02:19:00 129784 —–n— C:\WINDOWS\system32\pxafs.dll
  2007-01-26 02:18:54 200704 –a—— C:\WINDOWS\system32\ssldivx.dll
  2007-01-26 02:18:54 1044480 –a—— C:\WINDOWS\system32\libdivx.dll
  2007-01-26 02:13:45 196608 –a—— C:\WINDOWS\system32\dtu100.dll
  2007-01-26 02:13:45 53248 –a—— C:\WINDOWS\system32\dpuGUI10.dll
  2007-01-26 02:13:44 57344 –a—— C:\WINDOWS\system32\dpv11.dll
  2007-01-26 02:13:44 344064 –a—— C:\WINDOWS\system32\dpus11.dll
  2007-01-26 02:13:44 593920 –a—— C:\WINDOWS\system32\dpuGUI11.dll
  2007-01-26 02:13:44 294912 –a—— C:\WINDOWS\system32\dpu11.dll
  2007-01-26 02:13:44 294912 –a—— C:\WINDOWS\system32\dpu10.dll
  2007-01-19 12:53:04 51056 –a—— C:\WINDOWS\system32\sirenacm.dll
  2007-01-12 09:27:42 871936 –a—— C:\WINDOWS\system32\webcheck.dll
  2007-01-12 09:27:42 51712 —–n— C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
  2007-01-12 09:27:42 458752 —–n— C:\WINDOWS\system32\msfeeds.dll
  2007-01-12 09:27:42 6054400 –a—— C:\WINDOWS\system32\ieframe.dll
  2007-01-08 19:04:54 196096 –a—— C:\WINDOWS\system32\url.dll
  2007-01-08 19:04:08 718848 –a—— C:\WINDOWS\system32\occache.dll
  2007-01-08 19:02:04 266752 –a—— C:\WINDOWS\system32\iertutil.dll
  2007-01-08 19:02:04 44544 –a—— C:\WINDOWS\system32\iernonce.dll
  2007-01-08 19:02:02 384000 –a—— C:\WINDOWS\system32\iedkcs32.dll
  2007-01-08 19:02:02 383488 –a—— C:\WINDOWS\system32\ieapfltr.dll
  2007-01-08 19:02:02 161792 –a—— C:\WINDOWS\system32\ieakui.dll
  2007-01-08 19:02:02 230400 –a—— C:\WINDOWS\system32\ieaksie.dll
  2007-01-08 19:02:02 153088 –a—— C:\WINDOWS\system32\ieakeng.dll
  2007-01-08 19:01:14 17408 –a—— C:\WINDOWS\system32\corpol.dll
  2007-01-08 19:00:48 124928 –a—— C:\WINDOWS\system32\advpack.dll
  2007-01-08 18:08:14 56832 –a—— C:\WINDOWS\system32\ie4uinit.exe
  2007-01-08 18:08:10 13824 –a—— C:\WINDOWS\system32\ieudinit.exe
  2006-12-19 22:48:54 135680 –a—— C:\WINDOWS\system32\shsvcs.dll
  2006-12-19 19:18:35 334336 –a—— C:\WINDOWS\system32\wiaservc.dll


  – Registry Dump —————————————————————


  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
  "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
  "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
  "Gadwin PrintScreen 3.5"="C:\\Program Files\\Gadwin Systems\\PrintScreen\\PrintScreen.exe /nosplash"
  "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
  "ServiceLayer"="C:\\Program Files\\Common Files\\Nokia\\Services\\ServiceLayer.exe"
  "Nokia Tray Application"="C:\\Program Files\\Common Files\\Nokia\\NCLTools\\NclTray.exe"
  "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
  "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
  "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
  "LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
  "TopDesk"="C:\\Program Files\\TopDesk\\topdesk.exe"
  "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
  "tcpipmon"="tcpipmon.exe"


  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
  "{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}"="Network Neighborhood"

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
  "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
  "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
  "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

  HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\instcat
  HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
  "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
  HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
  LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
  NetworkService REG_MULTI_SZ DnsCache\0\0
  DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
  rpcss REG_MULTI_SZ RpcSs\0\0
  imgsvc REG_MULTI_SZ StiSvc\0\0
  termsvcs REG_MULTI_SZ TermService\0\0
  WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
  bthsvcs REG_MULTI_SZ BthServ\0\0

  – End of ComboScan: finished at 2007-03-16 at 10:47:10 ————————

  —————-RemoveVideoActiveXObject.exe first run————-

  Files found:

  C:\WINDOWS\system32\rpcc.dll

  Uninstallers Rogue scanners:


  Folders Found:


  ————–RemoveVideoActiveXObject.exe last run—————

  Files found:


  Uninstallers Rogue scanners:


  Folders Found:

  Logfile of HijackThis v1.99.1
  Scan saved at 11:01:16, on 16-3-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16414)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\WgaTray.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\ewido anti-spyware 4.0\guard.exe
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\WINDOWS\wmiprsv.exe
  C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\Program Files\TopDesk\topdesk.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\Program Files\CyberLink\Shared files\RichVideo.exe
  C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
  C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
  C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
  C:\Program Files\MSN Messenger\livecall.exe
  C:\Program Files\MSN Messenger\usnsvc.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\Program Files\Hijack This\hijackthis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
  O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
  O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bzautoreparaties.spaces.live.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
  O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.lycos.nl/app/uploader/FileUploader.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O20 - Winlogon Notify: instcat - instcat.dll (file missing)
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: Microsoft Validation Service - Unknown owner - C:\WINDOWS\wmiprsv.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

  It looks like things are a lot better; I only got a small window with the message that the server is busy, and I clicked Activate.
  After that I could hear a program being opened; this kept happening over and over.
  Because I had no, or only limited, internet connectivity, I started the network check, which asked me to remove the LSP. I did so and had to restart.
  After that I had a network connection again.

  I should add that the trojan trouble started on 11-03, presumably after I had used a patch for a version of Alcohol 120%. I removed that version and the prefetches right away, as well as the version of Alcohol.

  I use a US Robotics MAXg router, with no name broadcast and wireless disabled. I also have 1 port forwarded for uTorrent, and the firewall enabled.
  Unfortunately I can no longer turn on my Windows Firewall.

  As I am typing this, the balloon pops up again….
  It is just like the shield that is also used for the Windows Security Center, with the message: your computer is infected.
  When I click it I get a Question window with: Would you like to update your security software an download Registry Cleaner?

  Logfile of HijackThis v1.99.1
  Scan saved at 11:15:57, on 16-3-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16414)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\WgaTray.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\ewido anti-spyware 4.0\guard.exe
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\WINDOWS\wmiprsv.exe
  C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\Program Files\TopDesk\topdesk.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\Program Files\CyberLink\Shared files\RichVideo.exe
  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
  C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
  C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
  C:\Program Files\MSN Messenger\livecall.exe
  C:\Program Files\MSN Messenger\usnsvc.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\tcpipmon.exe
  C:\WINDOWS\system32\tcpipmon.exe
  C:\Program Files\Hijack This\hijackthis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
  O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
  O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bzautoreparaties.spaces.live.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
  O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.lycos.nl/app/uploader/FileUploader.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O20 - Winlogon Notify: instcat - instcat.dll (file missing)
  O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: Microsoft Validation Service - Unknown owner - C:\WINDOWS\wmiprsv.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 • If you have your doubts about it yourself, wouldn't it be quicker to make an Outlook backup, format the Windows partition (it's only 30 GB), and put XP and the programs back on it?

  Or can it still be saved?
 • For now that isn't necessary; I'm looking for a file in System.ini
  and I think there is a rootkit in there that puts a file back.


  Download LSPFix.exe from this site: http://cexx.org/lspfix.htm
  1. Start the program.
  2. Select "I know what I'm doing"
  3. Select ONLY this file: msnetax.dll
  4. Click "remove" so that the file moves to the right-hand pane.
  5. Click "Finish"
  6. Restart the PC.
  7. Delete the above-mentioned file from the C:\Windows\System32\ directory (if the file is not missing)


  Can you tell me which files are listed in System.ini?
 • ; for 16-bit app support

  [drivers]
  wave=mmdrv.dll
  timer=timer.drv

  [mci]
  [driver32]
  [386enh]
  woafont=app850.FON
  EGA80WOA.FON=EGA80850.FON
  EGA40WOA.FON=EGA40850.FON
  CGA80WOA.FON=CGA80850.FON
  CGA40WOA.FON=CGA40850.FON


  Do you mean this?

  It also finds this one when I search for system.ini: C:\WINDOWS\system32\ShellDHCP


  The DLL file msnetax cannot be deleted.

  I do have to end the process tree of tcpipmon every time, otherwise my internet is too slow to open a page.
 • I was just reading along:

  try this:
  Download Killbox (alternative download).
  Click killbox.exe.
  Choose the option: "Delete on reboot".

  Copy the following part in bold:

  C:\WINDOWS\wmiprsv.exe
  c:\windows\system32\msnetax.dll
  C:\WINDOWS\system32\max1d1641.exe
  C:\WINDOWS\system32\tcpipmon.exe
  C:\WINDOWS\system32\rpcc.dll
  C:\WINDOWS\system32\exec1.exe
  C:\WINDOWS\system32\drivers\oyiujgjq.sys

  Open 'file' in the Killbox menu at the top and choose: Paste from clipboard

  You will see that the bold text above appears in the "Full Path of File to Delete" field.
  There is a small arrow next to that field. If you click it, you will see all the lines above that you copied (if the files are present) listed there (that is the intention, anyway)

  Click the button: All files (!Important!)

  Then click the red circle with the white cross in it.
  Killbox will say that this file will be deleted on reboot and asks to reboot now. Click YES.

  Your PC should now reboot.

  After the restart, post a new HijackThis log and report whether there is any improvement ;)
 • msnetax is still in the system32 folder, but otherwise things seem to be going well now.
  No new files are appearing on C: (yet).
  Tcpipmon.exe is no longer among the processes.

  Below is a log.


  Logfile of HijackThis v1.99.1
  Scan saved at 14:30:57, on 16-3-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16414)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\WgaTray.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\Program Files\TopDesk\topdesk.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
  C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
  C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
  C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
  C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\ewido anti-spyware 4.0\guard.exe
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\Program Files\CyberLink\Shared files\RichVideo.exe
  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\MSN Messenger\usnsvc.exe
  C:\Program Files\MSN Messenger\livecall.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Hijack This\hijackthis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.home.nl/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
  O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
  O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bzautoreparaties.spaces.live.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
  O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.lycos.nl/app/uploader/FileUploader.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O20 - Winlogon Notify: instcat - instcat.dll (file missing)
  O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: Microsoft Validation Service - Unknown owner - C:\WINDOWS\wmiprsv.exe (file missing)
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

  Just let me know what you think of it now.
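
  Added example, not part of the original thread: the before/after comparison that the helpers do by eye across the 11:15 and 14:30 scans, written as a small Python parser. The two logs are abridged from the scans posted above; the function names and the state names (running, referenced, orphaned, clean) are this example's own.

```python
import ntpath
import re
from collections import Counter

# "O23 - Service: ..." style entry lines; process paths ("C:\...") never match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Marker HijackThis appends when a registered file is not on disk.
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)$", re.IGNORECASE)

# Abridged from the 11:15:57 scan in the thread (before the cleanup).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:15:57, on 16-3-2007

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\wmiprsv.exe
C:\WINDOWS\system32\tcpipmon.exe
C:\WINDOWS\system32\tcpipmon.exe

O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: Microsoft Validation Service - Unknown owner - C:\WINDOWS\wmiprsv.exe
"""

# Abridged from the 14:30:57 scan in the thread (after the cleanup and reboot).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 14:30:57, on 16-3-2007

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe

O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
O23 - Service: Microsoft Validation Service - Unknown owner - C:\WINDOWS\wmiprsv.exe (file missing)
"""

# File names taken from the delete list posted in the thread.
TARGETS = ["wmiprsv.exe", "msnetax.dll", "tcpipmon.exe", "rpcc.dll", "exec1.exe"]


def parse_scan(log_text):
    """Split a HijackThis log into running-process paths and section entries."""
    processes, entries, in_processes = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            in_processes = True
        elif match:
            in_processes = False
            body = match.group(2)
            missing = MISSING_RE.search(body) is not None
            entries.append((match.group(1), MISSING_RE.sub("", body), missing))
        elif in_processes and line:
            processes.append(line)
        elif in_processes and processes:
            in_processes = False  # blank line closes the process list
    return {"processes": processes, "entries": entries}


def target_state(scan, filename):
    """Classify one file name against a parsed scan."""
    name = filename.lower()
    # Match the name as a whole token so "rpcc.dll" does not hit "xrpcc.dll".
    token = re.compile(r"(?<![\w.])" + re.escape(name) + r"(?![\w.])")
    running = sum(1 for p in scan["processes"]
                  if ntpath.basename(p).lower() == name)
    refs = [(sec, missing) for sec, body, missing in scan["entries"]
            if token.search(body.lower())]
    live = Counter(sec for sec, missing in refs if not missing)
    orphaned = Counter(sec for sec, missing in refs if missing)
    if running:
        state = "running"        # a process with this image name is active
    elif live:
        state = "referenced"     # still registered, not marked missing
    elif orphaned:
        state = "orphaned"       # registration left behind, file gone
    else:
        state = "clean"          # no trace in this scan
    return {"state": state, "running": running,
            "live": dict(live), "orphaned": dict(orphaned)}


def compare_scans(before_text, after_text, targets):
    """Return {target: (state_before, state_after)} for two HijackThis logs."""
    before, after = parse_scan(before_text), parse_scan(after_text)
    return {t: (target_state(before, t), target_state(after, t)) for t in targets}


if __name__ == "__main__":
    for target, (old, new) in compare_scans(BEFORE, AFTER, TARGETS).items():
        print(f"{target:14} {old['state']:10} -> {new['state']:10} "
              f"live={new['live']} orphaned={new['orphaned']}")
```

  On these two scans, wmiprsv.exe and rpcc.dll end up orphaned (file gone, registration left), while msnetax.dll stays referenced by the O10 Winsock LSP entries and the tcpipmon O4 Run entry is still registered even though the process no longer runs.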
 • Can you rename msnetax.dll (right-click, choose "Rename" and give it a different name)?

  Try that LSPfix step from juisterr once more.

  Restart your PC and post a new log ;)
 • Msnetax.dll came back in the folder after the restart; the renamed file (aabbcc.dll) was still there, and I could simply delete it.
  Internet is now very slow, by the way (especially opening pages; up and down are fine). I do have to reactivate XP, but that is no problem.
  No other problems.

  Below is a log.


  Logfile of HijackThis v1.99.1
  Scan saved at 14:54:18, on 16-3-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16414)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\WgaTray.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\Program Files\TopDesk\topdesk.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
  C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
  C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
  C:\Program Files\ewido anti-spyware 4.0\guard.exe
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\Program Files\CyberLink\Shared files\RichVideo.exe
  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\MSN Messenger\usnsvc.exe
  C:\Program Files\MSN Messenger\livecall.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Hijack This\hijackthis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.home.nl/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
  O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
  O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bzautoreparaties.spaces.live.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
  O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.lycos.nl/app/uploader/FileUploader.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O20 - Winlogon Notify: instcat - instcat.dll (file missing)
  O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: Microsoft Validation Service - Unknown owner - C:\WINDOWS\wmiprsv.exe (file missing)
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 • Now, 3 days later, I really have only 1 problem left.
  My internet is very slow when it comes to opening pages. Some pages do not open at all. I can see from the light on my router that there is a great deal of activity between the router and my PC; other PCs on my router do not have this. I have 0.03 to 1.15% network usage, while I am not using the internet at that moment.
  The ratio of sent/received packets is 3:2. It is even the case that when I remove my provider details from my router, I still have internet. (Wireless is switched off.)
  What should I do with the O11 from the log?

  Logfile of HijackThis v1.99.1
  Scan saved at 19:59:09, on 21-3-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16414)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\ewido anti-spyware 4.0\guard.exe
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\Program Files\CyberLink\Shared files\RichVideo.exe
  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\WgaTray.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\Program Files\TopDesk\topdesk.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
  C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
  C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
  C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
  C:\Program Files\MSN Messenger\usnsvc.exe
  C:\Program Files\MSN Messenger\livecall.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Hijack This\hijackthis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
  O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bzautoreparaties.spaces.live.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
  O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
  O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.lycos.nl/app/uploader/FileUploader.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 • Rename the file again and then do the following:

  Download ATF cleaner (made by Atribune)
  Double-click ATF cleaner to start the program.
  On the "Main" tab, tick "Select All".
  Click the "Empty Selected" button.

  Do the following if you also have Firefox as a browser:
  Click the "Firefox" tab and tick "Select All".
  If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
  (this removes the tick from "Firefox saved passwords" again)
  Click the "Empty Selected" button.

  Do the following if you also have Opera as a browser:
  Click the "Opera" tab and tick "Select All".
  If you want to keep the passwords saved by Opera, click "No" in the window that appears.
  Click the "Empty Selected" button.
  Go to the "Main" tab and click the "Exit" button to close the program.

  Download
  Click "yes" when asked whether you want to check for updates.
  Enter your e-mail address when asked for it.
  Choose "yes" when asked whether you want to be warned when your homepage changes.
  Click "scan your computer".
  Select the drives you want to have scanned by ticking them.
  Tick the middle option "Perform complete scan" and then click "next".
  The computer will now be scanned, so wait patiently!

  If "harmful items" are found, make sure they are all ticked and click "OK" to continue.
  When the scan is done, click "OK" to have the items found removed via quarantine, and then click "next".
  Click "scanningpreferences/control centre" to go to the main menu.
  Click the "statistics/logs" tab and then "view log".
  Copy and paste the text of the Notepad file into your reply on the forum.
  Click "next" and then "yes" to have the computer restart.

  So post the log of the SuperAntiSpyware scan and a new HijackThis log ;)
 • SUPERAntiSpyware Scan Log
  Generated 03/16/2007 at 04:20 PM

  Application Version : 3.6.1000

  Core Rules Database Version : 3190
  Trace Rules Database Version: 1200

  Scan type : Complete Scan
  Total Scan Time : 00:29:23

  Memory items scanned : 474
  Memory threats detected : 1
  Registry items scanned : 6462
  Registry threats detected : 14
  File items scanned : 35128
  File threats detected : 50

  Trojan.Spam-RUCrzy
  C:\WINDOWS\MEDIA\D3UI32.DLL
  C:\WINDOWS\MEDIA\D3UI32.DLL

  Trojan.Downloadsr-NetHood
  HKLM\Software\Classes\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}
  HKCR\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}
  HKCR\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32
  HKCR\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32#ThreadingModel
  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}
  HKCR\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}

  Trojan.Media-Codec
  HKCR\BprintingHost.Serv
  HKCR\BprintingHost.Serv\CLSID
  HKCR\BprintingHost.Serv\CLSID\{38ca2fcd-7d7e-11db-96a0-00e08161165f}

  Trojan.Downloader-RPCC
  HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc
  HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc#DllName
  HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc#Asynchronous
  HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc#Impersonate
  HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc#Startup

  Dialer.Dial/Gen Variant
  C:\!KILLBOX\MAX1D1641.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96\A0015697.EXE

  Trojan.Net-MSNetAX
  C:\!KILLBOX\MSNETAX.DLL
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96\A0012696.DLL
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96\A0014695.DLL
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96\A0015696.DLL
  C:\WINDOWS\SYSTEM32\AABBCC.DLL

  Trojan.Downloader-TCPIP Mon
  C:\!KILLBOX\TCPIPMON.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96\A0012697.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96\A0014697.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96\A0015698.EXE

  Trojan.SpySheriff
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89\A0010062.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89\A0010064.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89\A0010065.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89\A0010092.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89\A0010093.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89\A0010094.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89\A0010163.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89\A0010165.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89\A0010205.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89\A0010206.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP89\A0010207.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP90\A0010217.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP90\A0010218.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP90\A0010219.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP90\A0010232.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP90\A0010233.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP90\A0010234.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP93\A0010337.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP93\A0010338.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP93\A0010339.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP93\A0010377.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP93\A0010378.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP93\A0010379.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94\A0010461.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94\A0010462.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94\A0010463.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94\A0010472.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94\A0010473.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94\A0010474.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94\A0010492.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94\A0010493.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94\A0010506.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94\A0010508.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP94\A0010509.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP95\A0010543.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP95\A0010544.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP95\A0010545.EXE
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{E6E64FED-E68A-4F78-B214-DD3E57E196DC}\RP96\A0011729.EXE
  HijackThis log:

  Logfile of HijackThis v1.99.1
  Scan saved at 16:55:54, on 16-3-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16414)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\ewido anti-spyware 4.0\guard.exe
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\Program Files\CyberLink\Shared files\RichVideo.exe
  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\WgaTray.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
  C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
  C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
  C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\Program Files\Hijack This\hijackthis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
  O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bzautoreparaties.spaces.live.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
  O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.lycos.nl/app/uploader/FileUploader.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
  O20 - Winlogon Notify: instcat - instcat.dll (file missing)
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: Microsoft Validation Service - Unknown owner - C:\WINDOWS\wmiprsv.exe (file missing)
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

  It seems to be going well now. Msnetax is now gone too and stays gone.
  By the way, what about the tcpipmon.exe that is still in the startup?
  Can it do any harm?
 • Let's hope it stays that way :)

  Start HijackThis once more, choose "Do a system scan only" and tick only the following lines:
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
  O20 - Winlogon Notify: instcat - instcat.dll (file missing)
  Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

  Disable System Restore. Restart the computer. Enable System Restore again.
  See here how to disable System Restore.
  This removes any remnants of the infections from your System Restore.

  Just post a new HijackThis log for checking ;)
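
Added example, not part of the original posts: a Python check that compares the HijackThis log taken before "Fix checked" with the follow-up log, reports which of the checked lines are still present, and lists entries whose file HijackThis reports as missing. The sample data are excerpts of the 16:55 and 19:55 logs on this page; the function names are hypothetical.

```python
import re
from typing import NamedTuple

# Excerpts of the 16:55 and 19:55 HijackThis logs on this page (most lines omitted).
SCAN_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 16:55:54, on 16-3-2007
C:\WINDOWS\Explorer.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

SCAN_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 19:55:40, on 16-3-2007
C:\WINDOWS\Explorer.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.home.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# The lines the helper asked to tick before "Fix checked".
CHECKED = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
"""

# An entry line is "<letter><1-2 digits> - <body>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# HijackThis appends one of these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")


class Entry(NamedTuple):
    section: str  # e.g. "O4"
    body: str     # text after "O4 - ", trailing whitespace removed


def parse_log(text):
    """Return the entry lines of a HijackThis log in their original order."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def diff_scans(before, after):
    """Return (removed, added): entries only in the first scan, entries only in the second."""
    old, new = parse_log(before), parse_log(after)
    old_set, new_set = set(old), set(new)
    removed = [e for e in old if e not in new_set]
    added = [e for e in new if e not in old_set]
    return removed, added


def still_present(checked, after):
    """Checked entries that show up again, unchanged, in the follow-up scan."""
    remaining = set(parse_log(after))
    return [e for e in parse_log(checked) if e in remaining]


def orphaned(entries):
    """Entries that point at a file HijackThis could not find."""
    return [e for e in entries if ORPHAN_RE.search(e.body)]


if __name__ == "__main__":
    removed, added = diff_scans(SCAN_BEFORE, SCAN_AFTER)
    for label, group in (("removed", removed), ("added", added),
                         ("checked but still present", still_present(CHECKED, SCAN_AFTER)),
                         ("file missing in follow-up", orphaned(parse_log(SCAN_AFTER)))):
        print(label)
        for entry in group:
            print("   ", entry.section, "-", entry.body)
```

On these excerpts the two R0 lines are reported as still present in the 19:55 scan, while the O2, O4 tcpipmon, O9 Messenger and O20 instcat entries are gone.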
 • After restarting it was not possible to log on or to shut down.
  So I had to switch the PC off with the button.
  After that it was possible to log on again.
  Signing in to Messenger no longer works; after removing and reinstalling it, it still does not, in connection with hosts. Is there still a way to fix this?
  And is there a way for me to turn Windows Firewall back on?
  Right now I cannot choose between turning it on and off.

  Below is another log. It is really fantastic that there are still people who know how annoying troublesome trojans and the like are, and who help you so wonderfully to get this out of your system. If I could do it like that myself, I would have done the same.


  Logfile of HijackThis v1.99.1
  Scan saved at 19:55:40, on 16-3-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16414)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\Program Files\TopDesk\topdesk.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
  C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\ewido anti-spyware 4.0\guard.exe
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\Program Files\CyberLink\Shared files\RichVideo.exe
  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
  C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
  C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
  C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
  C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Hijack This\hijackthis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.home.nl/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
  O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
  O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
  O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bzautoreparaties.spaces.live.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
  O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
  O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.lycos.nl/app/uploader/FileUploader.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
  O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
  O23 - Service: Microsoft Validation Service - Unknown owner - C:\WINDOWS\wmiprsv.exe (file missing)
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 • Double-click RemoveVideoActiveXObject.exe once more.
  That should resolve a number of those problems.
