CynthiaS

Hallo! Ik heb een vraagje; Ik heb een TV-out aansluiting en kabel. Ik weet echter niet hoe ik op mijn computer moet instellen dat er op mijn tv wordt weergegeven. Ik werk met Vista. Weet iemand dit misschien?

Hoi Xeno, Bedankt voor al je hulp! Ik ben blij dat ik van alle ellende af ben.

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:18:51, on 20-4-2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\SurfRight\Caretaker\CaretakerService.exe C:\Windows\system32\svchost.exe C:\Program Files\SurfRight\Caretaker\AntispamService.exe C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\System32\rundll32.exe C:\Program Files\SurfRight\Caretaker\Notifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\mobsync.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Users\Wou_Cyn_Na_Tho_Sil\Desktop\dss.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE C:\Windows\system32\conime.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Wou_Cyn_Na_Tho_Sil.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [recinfo756] c:\RecInfo\RecInfo.exe O4 - HKLM\..\Run: [recinfo] RecInfo.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe -- End of file - 10145 bytes

Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Home Premium (build 6000) Architecture: X86; Language: Dutch CPU 0: Intel® Core2 Duo CPU E4500 @ 2.20GHz Percentage of Memory in Use: 32% Physical Memory (total/avail): 2046.69 MiB / 1374.57 MiB Pagefile Memory (total/avail): 4315.36 MiB / 3271.46 MiB Virtual Memory (total/avail): 2047.88 MiB / 1934.62 MiB C: is Fixed (NTFS) - 216.41 GiB total, 137.8 GiB free. D: is Fixed (NTFS) - 107.22 GiB total, 102.13 GiB free. E: is CDROM (No Media) F: is Fixed (NTFS) - 141.54 GiB total, 93.44 GiB free. G: is Removable (No Media) H: is Removable (No Media) I: is Removable (No Media) J: is Removable (No Media) K: is Removable (No Media) \\.\PHYSICALDRIVE0 - ST3360320AS ATA Device - 335.35 GiB - 3 partitions \PARTITION0 - Unknown - 11.72 GiB \PARTITION1 (bootable) - Installable File System - 216.41 GiB - C: \PARTITION2 - Installable File System - 107.22 GiB - D: \\.\PHYSICALDRIVE1 - Generic 2.0 Reader -0 USB Device \\.\PHYSICALDRIVE2 - Generic 2.0 Reader -1 USB Device \\.\PHYSICALDRIVE3 - Generic 2.0 Reader -2 USB Device \\.\PHYSICALDRIVE4 - Generic 2.0 Reader -3 USB Device \\.\PHYSICALDRIVE5 - Generic 2.0 Reader -4 USB Device \\.\PHYSICALDRIVE6 - Generic USB Disk USB Device - 149.05 GiB - 2 partitions \PARTITION0 - Unknown - 7.5 GiB \PARTITION1 (bootable) - Installable File System - 141.54 GiB - F: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FW: Norton Internet Security v2007 (Symantec Corporation) AV: Norton Internet Security v2007 (Symantec Corporation) AS: Spyware Doctor v5.5.0.204 (PC Tools) AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled AS: Norton Internet Security v2007 (Symantec Corporation) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming CLASSPATH=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=PC_VAN_WOU_CYN_ ComSpec=C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Wou_Cyn_Na_Tho_Sil LOCALAPPDATA=C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Local LOGONSERVER=\\PC_VAN_WOU_CYN_ NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0d ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$P$G PUBLIC=C:\Users\Public QTJAVA=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\WOU_CY~1\AppData\Local\Temp TMP=C:\Users\WOU_CY~1\AppData\Local\Temp USERDOMAIN=PC_van_Wou_Cyn_ USERNAME=Wou_Cyn_Na_Tho_Sil USERPROFILE=C:\Users\Wou_Cyn_Na_Tho_Sil windir=C:\Windows -- User Profiles --------------------------------------------------------------- Wou_Cyn_Na_Tho_Sil -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL --> C:\Windows\UNNeroShowTime.exe /UNINSTALL --> C:\Windows\UNNeroVision.exe /UNINSTALL --> C:\Windows\UNRecode.exe /UNINSTALL Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103} Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 8.1.2 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81200000003} Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001} AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B} Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA} Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} Caretaker Antispam 1.5.9 --> MsiExec.exe /X{601F6DF0-45A3-436E-869A-5D837863C3F4} ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3} EPSON-printersoftware --> C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R FirstSteps Diagnostics --> MsiExec.exe /X{94D66D71-12F0-48A5-B46A-D4B835A0F1B7} FrostWire 4.13.5 --> C:\Program Files\FrostWire\Uninstall.exe Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall ImgBurn --> "C:\Program Files\ImgBurn\uninstall.exe" IncrediMail Xe --> C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B} Java 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040} LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69} MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} Nero 8 --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1043} neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0} Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164} Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A} Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34} Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B} Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B} Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555} Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43} Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8} NVIDIA Drivers --> C:\Windows\system32\nvudisp.exe UninstallGUI Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe" QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD} Realtek High Definition Audio Driver --> RtlUpd.exe -r -m SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56} Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2} VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type3429 / Error Event Submitted/Written: 04/20/2008 09:12:10 AM Event ID/Source: 5007 / WerSvc Event Description: Kan het doelbestand voor het Windows Feedback Platform (een dll-bestand dat de lijst met problemen op deze computer bevat waarvoor aanvullende gegevens moeten worden verzameld voor diagnose) niet parseren. Foutcode: 8014FFF9. Event Record #/Type3428 / Success Event Submitted/Written: 04/20/2008 09:12:09 AM Event ID/Source: 5617 / WinMgmt Event Description: Event Record #/Type3426 / Success Event Submitted/Written: 04/20/2008 09:12:08 AM Event ID/Source: 5615 / WinMgmt Event Description: Event Record #/Type3414 / Success Event Submitted/Written: 04/20/2008 09:11:54 AM Event ID/Source: 902 / Software Licensing Service Event Description: De Software Licensing-service is gestart. Event Record #/Type3391 / Error Event Submitted/Written: 04/20/2008 08:34:51 AM Event ID/Source: 8194 / VSS Event Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005. Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces. Bewerking: Schrijvergegevens verzamelen Context: Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220} Naam van schrijver: System Writer Instantie-id van schrijver: {bb943397-480d-46d1-9c4e-c1f05d0026f5} -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type21695 / Error Event Submitted/Written: 04/20/2008 09:05:07 AM Event ID/Source: 10010 / DCOM Event Description: {44295CB8-D71B-11DA-8750-001185653D78} Event Record #/Type21694 / Error Event Submitted/Written: 04/20/2008 09:03:34 AM Event ID/Source: 10010 / DCOM Event Description: {D4304BCF-B8E9-4B35-BEA0-DC5B522670C2} Event Record #/Type21693 / Error Event Submitted/Written: 04/20/2008 08:54:01 AM Event ID/Source: 10016 / DCOM Event Description: standaard voor deze computerLokaalActiveren{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PC_van_Wou_Cyn_Wou_Cyn_Na_Tho_SilS-1-5-21-2691431002-2544732280-3931427400-1000LocalHost (via LRPC) Event Record #/Type21692 / Error Event Submitted/Written: 04/20/2008 08:54:01 AM Event ID/Source: 10016 / DCOM Event Description: standaard voor deze computerLokaalActiveren{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PC_van_Wou_Cyn_Wou_Cyn_Na_Tho_SilS-1-5-21-2691431002-2544732280-3931427400-1000LocalHost (via LRPC) Event Record #/Type21691 / Warning Event Submitted/Written: 04/20/2008 08:53:31 AM Event ID/Source: 243 / Win32k Event Description: Fout bij het toewijzen van een bureaublad-heap. -- End of Deckard's System Scanner: finished at 2008-04-20 09:19:39 ------------

Deckard's System Scanner v20071014.68 Run by Wou_Cyn_Na_Tho_Sil on 2008-04-20 09:17:02 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 5 Restore Point(s) -- 13: 2008-04-20 06:34:52 UTC - RP55 - Spyware Doctor: Cleaning Threats 12: 2008-04-19 14:03:50 UTC - RP53 - Spyware Doctor: Cleaning Threats 11: 2008-04-19 09:06:08 UTC - RP51 - Spyware Doctor: Cleaning Threats 10: 2008-04-19 08:14:08 UTC - RP49 - Spyware Doctor: Cleaning Threats 9: 2008-04-18 19:39:04 UTC - RP47 - Spyware Doctor: Cleaning Threats -- First Restore Point -- 1: 2008-04-15 13:15:05 UTC - RP35 - Gepland herstelpunt Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Wou_Cyn_Na_Tho_Sil.exe) ---------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:18:51, on 20-4-2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\SurfRight\Caretaker\CaretakerService.exe C:\Windows\system32\svchost.exe C:\Program Files\SurfRight\Caretaker\AntispamService.exe C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\System32\rundll32.exe C:\Program Files\SurfRight\Caretaker\Notifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\mobsync.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Users\Wou_Cyn_Na_Tho_Sil\Desktop\dss.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE C:\Windows\system32\conime.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Wou_Cyn_Na_Tho_Sil.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [recinfo756] c:\RecInfo\RecInfo.exe O4 - HKLM\..\Run: [recinfo] RecInfo.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe -- End of file - 10145 bytes -- File Associations ----------------------------------------------------------- .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- All drivers whitelisted. -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 Bonjour Service (Bonjour-service) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour> R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe R2 TestHandler (Fujitsu Siemens Computers Diagnostic Testhandler) - c:\firststeps\onlinediagnostic\testmanager\testhandler.exe <Not Verified; Fujitsu Siemens Computers; ServerView Online Diagnostic> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-04-18 20:41:09 512 --a------ C:\Windows\Tasks\Norton Internet Security - Volledige systeemscan - Wou_Cyn_Na_Tho_Sil.job -- Files created between 2008-03-20 and 2008-04-20 ----------------------------- 2008-04-18 19:53:50 68096 --a------ C:\Windows\zip.exe 2008-04-18 19:53:50 49152 --a------ C:\Windows\VFind.exe 2008-04-18 19:53:50 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2008-04-18 19:53:50 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-04-18 19:53:50 98816 --a------ C:\Windows\sed.exe 2008-04-18 19:53:50 80412 --a------ C:\Windows\grep.exe 2008-04-18 19:53:50 73728 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-04-18 19:21:14 0 d-------- C:\Users\All Users\Malwarebytes 2008-04-18 19:21:14 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-17 23:50:39 0 d-------- C:\Program Files\Trend Micro 2008-04-16 20:38:41 0 d-------- C:\Program Files\Spyware Doctor 2008-04-16 20:37:37 0 d-------- C:\Program Files\Picasa2 2008-04-16 20:37:03 0 d-------- C:\Users\All Users\Google Updater 2008-04-16 20:26:38 0 d-------- C:\Users\All Users\Google 2008-04-16 20:26:06 0 d-------- C:\Program Files\Google 2008-04-16 19:12:01 0 d-a------ C:\Users\All Users\TEMP 2008-04-16 19:07:00 0 d-------- C:\Users\All Users\Spybot - Search & Destroy 2008-04-16 18:59:17 0 d-------- C:\Users\All Users\Prevx 2008-04-16 18:59:07 0 d-------- C:\Temp 2008-04-16 18:55:03 0 d-------- C:\Users\All Users\SurfRight 2008-04-16 18:55:02 0 d-------- C:\Program Files\SurfRight 2008-04-16 18:47:55 0 d-------- C:\Program Files\Hitman Pro 2008-04-15 09:14:39 0 d-------- C:\Users\All Users\IM 2008-04-15 09:14:38 0 d-------- C:\Users\All Users\IncrediMail 2008-04-15 09:14:38 0 d-------- C:\Program Files\IncrediMail 2008-04-14 12:46:00 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\Shared 2008-04-14 12:45:56 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\Incomplete 2008-04-14 12:45:30 0 d-------- C:\Program Files\FrostWire 2008-04-13 20:23:45 0 d-------- C:\Program Files\ImgBurn 2008-04-13 09:00:29 0 d-------- C:\Users\All Users\Nero 2008-04-13 09:00:29 0 d-------- C:\Program Files\Common Files\Nero 2008-04-09 17:35:10 0 d-------- C:\Program Files\iPod 2008-04-09 17:35:08 0 d-------- C:\Program Files\iTunes 2008-04-09 17:32:44 0 d-------- C:\Program Files\Bonjour 2008-04-09 17:32:06 0 d-------- C:\Program Files\QuickTime 2008-04-09 17:32:04 0 d-------- C:\Users\All Users\Apple Computer 2008-04-09 17:31:36 0 d-------- C:\Program Files\Apple Software Update 2008-04-09 17:30:47 0 d-------- C:\Program Files\Common Files\Apple 2008-04-09 17:30:45 0 d-------- C:\Users\All Users\Apple 2008-04-09 15:10:06 0 d-------- C:\Program Files\Java 2008-04-09 15:08:53 0 d-------- C:\Program Files\Common Files\Java 2008-04-09 15:08:29 0 d-------- C:\Program Files\LimeWire 2008-04-06 09:42:35 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-04-06 09:42:13 0 d-------- C:\Program Files\Common Files\InstallShield 2008-04-06 09:36:40 0 d-------- C:\Users\All Users\Adobe Systems 2008-04-06 09:33:36 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-04-06 09:13:33 0 d-------- C:\Program Files\EPSON 2008-04-06 09:00:43 111932 --a------ C:\Windows\system32\EPPICPrinterDB.dat 2008-04-06 09:00:43 1139 --a------ C:\Windows\system32\EPPICPresetData_PT.dat 2008-04-06 09:00:43 1120 --a------ C:\Windows\system32\EPPICPresetData_IT.dat 2008-04-06 09:00:43 1107 --a------ C:\Windows\system32\EPPICPresetData_GE.dat 2008-04-06 09:00:43 1129 --a------ C:\Windows\system32\EPPICPresetData_FR.dat 2008-04-06 09:00:43 1136 --a------ C:\Windows\system32\EPPICPresetData_ES.dat 2008-04-06 09:00:43 1104 --a------ C:\Windows\system32\EPPICPresetData_EN.dat 2008-04-06 09:00:43 1146 --a------ C:\Windows\system32\EPPICPresetData_DU.dat 2008-04-06 09:00:43 1129 --a------ C:\Windows\system32\EPPICPresetData_CF.dat 2008-04-06 09:00:43 1139 --a------ C:\Windows\system32\EPPICPresetData_BP.dat 2008-04-06 09:00:43 4943 --a------ C:\Windows\system32\EPPICPattern6.dat 2008-04-06 09:00:43 21390 --a------ C:\Windows\system32\EPPICPattern5.dat 2008-04-06 09:00:43 11811 --a------ C:\Windows\system32\EPPICPattern4.dat 2008-04-06 09:00:43 24903 --a------ C:\Windows\system32\EPPICPattern3.dat 2008-04-06 09:00:43 20148 --a------ C:\Windows\system32\EPPICPattern2.dat 2008-04-06 09:00:43 31053 --a------ C:\Windows\system32\EPPICPattern131.dat 2008-04-06 09:00:43 27417 --a------ C:\Windows\system32\EPPICPattern121.dat 2008-04-06 09:00:43 26154 --a------ C:\Windows\system32\EPPICPattern1.dat 2008-04-05 18:07:00 0 d-------- C:\Program Files\uTorrent 2008-04-04 21:04:28 0 d-------- C:\Program Files\Norton Internet Security 2008-04-04 21:02:58 0 d-------- C:\Program Files\Symantec 2008-04-04 21:02:52 0 d-------- C:\Users\All Users\Symantec 2008-04-04 21:02:35 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-04-04 20:53:28 0 d-------- C:\Users\All Users\Avg7 2008-04-02 22:02:37 0 d-------- C:\Windows\system32\Macromed 2008-04-02 21:56:36 0 d-------- C:\Program Files\Nero 2008-04-02 21:56:36 0 d-------- C:\Program Files\Common Files\Ahead 2008-04-02 21:56:08 0 d-------- C:\Users\All Users\Adobe 2008-04-02 21:56:05 0 d-------- C:\Program Files\Common Files\Adobe 2008-04-02 21:54:27 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Searches 2008-04-02 21:54:18 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Contacts 2008-04-02 21:54:13 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\Sjablonen 2008-04-02 21:54:13 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\SendTo 2008-04-02 21:54:13 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\Recent 2008-04-02 21:54:13 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\Netwerkprinteromgeving 2008-04-02 21:54:13 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\NetHood 2008-04-02 21:54:13 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\Menu Start 2008-04-02 21:54:13 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\Local Settings 2008-04-02 21:54:13 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\Cookies 2008-04-02 21:54:13 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\Application Data 2008-04-02 21:54:12 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Videos 2008-04-02 21:54:12 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Saved Games 2008-04-02 21:54:12 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Pictures 2008-04-02 21:54:12 2883584 --ahs---- C:\Users\Wou_Cyn_Na_Tho_Sil\NTUSER.DAT 2008-04-02 21:54:12 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Music 2008-04-02 21:54:12 0 d--hs---- C:\Users\Wou_Cyn_Na_Tho_Sil\Mijn documenten 2008-04-02 21:54:12 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Links 2008-04-02 21:54:12 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Favorites 2008-04-02 21:54:12 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Downloads 2008-04-02 21:54:12 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Documents 2008-04-02 21:54:12 0 dr------- C:\Users\Wou_Cyn_Na_Tho_Sil\Desktop 2008-04-02 21:54:12 0 d--h----- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData 2008-04-02 21:45:19 0 d-------- C:\Windows\SoftwareDistribution -- Find3M Report --------------------------------------------------------------- 2008-04-20 09:16:21 689380 --a------ C:\Windows\system32\perfh013.dat 2008-04-20 09:16:21 122590 --a------ C:\Windows\system32\perfc013.dat 2008-04-19 20:54:12 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\uTorrent 2008-04-18 19:21:25 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\Malwarebytes 2008-04-17 15:04:13 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\Google 2008-04-16 20:38:41 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\PC Tools 2008-04-16 20:35:10 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\Lavasoft 2008-04-15 21:21:50 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\WinRAR 2008-04-14 13:11:34 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\FrostWire 2008-04-13 20:43:53 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\ImgBurn 2008-04-13 09:03:33 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\Nero 2008-04-13 09:00:29 0 d-------- C:\Program Files\Common Files 2008-04-10 21:25:41 0 d-------- C:\Program Files\Windows Mail 2008-04-09 17:35:25 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\Apple Computer 2008-04-09 15:23:18 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\LimeWire 2008-04-06 11:48:00 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\Adobe 2008-04-06 09:00:37 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\InstallShield 2008-04-02 22:02:37 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\Macromedia 2008-04-02 21:54:19 0 d-------- C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\Identities 2008-02-26 23:25:57 0 d-------- C:\Program Files\Common Files\Fujitsu Siemens Computers 2008-02-26 23:17:21 0 d-------- C:\Program Files\MSXML 4.0 2008-02-26 23:12:47 0 d-------- C:\Program Files\Windows Sidebar 2008-02-26 22:55:53 174 --ahs---- C:\Program Files\desktop.ini 2008-02-25 23:05:05 0 -rahs---- C:\MSDOS.SYS 2008-02-25 23:05:05 0 -rahs---- C:\IO.SYS -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03-11-2007 10:17] "NvSvc"="C:\Windows\system32\nvsvc.dll" [01-06-2007 17:46] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [01-06-2007 17:46] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [01-06-2007 17:46] "RtHDVCpl"="RtHDVCpl.exe" [17-12-2007 12:02 C:\Windows\RtHDVCpl.exe] "recinfo756"="c:\RecInfo\RecInfo.exe" [23-10-2007 14:52] "recinfo"="RecInfo.exe" [] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [25-10-2006 01:08] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [27-10-2006 02:18] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [14-12-2007 03:42] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28-03-2008 23:37] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30-03-2008 10:36] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01-03-2007 14:57] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [03-12-2007 14:21] "CaretakerNotifier"="C:\Program Files\SurfRight\Caretaker\Notifier.exe" [18-03-2008 12:58] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01-02-2008 12:55] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [26-02-2008 23:04] "WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" [] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02-11-2006 14:35] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02-11-2006 14:36] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [16-04-2008 20:37] C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16-3-2005 19:16:50] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [16-4-2008 20:37:03] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) "DisableRegistryTools"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted hidserv WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum UxSms *Newly Created Service* - COMHOST [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2008-04-20 09:19:39 ------------

Heel gek, maar als ik hem uitvoer als administrator dan doet hij dat niet.

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:50:53, on 17-4-2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\SurfRight\Caretaker\CaretakerService.exe C:\Windows\system32\svchost.exe C:\Program Files\SurfRight\Caretaker\AntispamService.exe C:\Windows\system32\Dwm.exe C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Windows\system32\svchost.exe C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\SurfRight\Caretaker\Notifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\WerCon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\rundll32.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\IncrediMail\bin\IMApp.exe C:\Program Files\Spyware Doctor\pctsGui.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\explorer.exe C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [recinfo756] c:\RecInfo\RecInfo.exe O4 - HKLM\..\Run: [recinfo] RecInfo.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUmKbaa.dll,#1 O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\WOU_CY~1\AppData\Local\Temp\fccdccBS.dll,c O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\WOU_CY~1\AppData\Local\Temp\xxywXOeB.dll,#1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\WOU_CY~1\AppData\Local\Temp\oumtfdio.dll",run O4 - HKCU\..\Run: [500ba864] rundll32.exe "C:\Users\WOU_CY~1\AppData\Local\Temp\dgcdmfli.dll",b O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe -- End of file - 11212 bytes

Dit werkt niet. Ik heb het precies volgens jouw instructies gedaan, maar ik krijg geen logfile. Ik zal wel een nieuw hijack this log plaatsen, misschien weet je wat ik fout doe?

log van del.bat: Deleting files C:\Windows\system32\vtUmKbaa.dll not found

En virtumundo staat op mijn bureaublad.

Als ik bij mijn programma's kijk dan staat hitmanpro niet meer op mijn pc, waar kn ik hem verder nog verwijderen?

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:50:53, on 17-4-2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\SurfRight\Caretaker\CaretakerService.exe C:\Windows\system32\svchost.exe C:\Program Files\SurfRight\Caretaker\AntispamService.exe C:\Windows\system32\Dwm.exe C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Windows\system32\svchost.exe C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\SurfRight\Caretaker\Notifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\WerCon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\rundll32.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\IncrediMail\bin\IMApp.exe C:\Program Files\Spyware Doctor\pctsGui.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\explorer.exe C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [recinfo756] c:\RecInfo\RecInfo.exe O4 - HKLM\..\Run: [recinfo] RecInfo.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUmKbaa.dll,#1 O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\WOU_CY~1\AppData\Local\Temp\fccdccBS.dll,c O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\WOU_CY~1\AppData\Local\Temp\xxywXOeB.dll,#1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\WOU_CY~1\AppData\Local\Temp\oumtfdio.dll",run O4 - HKCU\..\Run: [500ba864] rundll32.exe "C:\Users\WOU_CY~1\AppData\Local\Temp\dgcdmfli.dll",b O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe -- End of file - 11212 bytes

Sorry, ik had het niet goed geaan.. dit is de goeie: [04/18/2008, 20:59:59] - VirtumundoBeGone v1.5 ( "C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVF8BC6Q\VirtumundoBeGone[1].exe" ) [04/18/2008, 21:00:03] - Detected System Information: [04/18/2008, 21:00:04] - Windows Version: 6.0.6000, [04/18/2008, 21:00:04] - Current Username: Wou_Cyn_Na_Tho_Sil (Admin) [04/18/2008, 21:00:04] - Windows is in NORMAL mode. [04/18/2008, 21:00:04] - Searching for Browser Helper Objects: [04/18/2008, 21:00:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen) [04/18/2008, 21:00:04] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} () [04/18/2008, 21:00:04] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/18/2008, 21:00:04] - Checking for HKLM\...\Winlogon\Notify\NppBho [04/18/2008, 21:00:04] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing. [04/18/2008, 21:00:04] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [04/18/2008, 21:00:04] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) [04/18/2008, 21:00:04] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO) [04/18/2008, 21:00:04] - Finished Searching Browser Helper Objects [04/18/2008, 21:00:04] - Finishing up... [04/18/2008, 21:00:04] - Nothing found! Exiting... [04/18/2008, 21:47:11] - VirtumundoBeGone v1.5 ( "C:\Users\Wou_Cyn_Na_Tho_Sil\Desktop\VirtumundoBeGone.exe" ) [04/18/2008, 21:47:16] - Detected System Information: [04/18/2008, 21:47:16] - Windows Version: 6.0.6000, [04/18/2008, 21:47:16] - Current Username: Wou_Cyn_Na_Tho_Sil (Admin) [04/18/2008, 21:47:16] - Windows is in NORMAL mode. [04/18/2008, 21:47:16] - Searching for Browser Helper Objects: [04/18/2008, 21:47:16] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen) [04/18/2008, 21:47:16] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} () [04/18/2008, 21:47:16] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/18/2008, 21:47:16] - Checking for HKLM\...\Winlogon\Notify\NppBho [04/18/2008, 21:47:16] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing. [04/18/2008, 21:47:16] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [04/18/2008, 21:47:16] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) [04/18/2008, 21:47:16] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO) [04/18/2008, 21:47:17] - Finished Searching Browser Helper Objects [04/18/2008, 21:47:17] - Finishing up... [04/18/2008, 21:47:17] - Nothing found! Exiting...

[04/18/2008, 20:59:59] - VirtumundoBeGone v1.5 ( "C:\Users\Wou_Cyn_Na_Tho_Sil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVF8BC6Q\VirtumundoBeGone[1].exe" ) [04/18/2008, 21:00:03] - Detected System Information: [04/18/2008, 21:00:04] - Windows Version: 6.0.6000, [04/18/2008, 21:00:04] - Current Username: Wou_Cyn_Na_Tho_Sil (Admin) [04/18/2008, 21:00:04] - Windows is in NORMAL mode. [04/18/2008, 21:00:04] - Searching for Browser Helper Objects: [04/18/2008, 21:00:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen) [04/18/2008, 21:00:04] - BHO 2: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} () [04/18/2008, 21:00:04] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/18/2008, 21:00:04] - Checking for HKLM\...\Winlogon\Notify\NppBho [04/18/2008, 21:00:04] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing. [04/18/2008, 21:00:04] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [04/18/2008, 21:00:04] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) [04/18/2008, 21:00:04] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO) [04/18/2008, 21:00:04] - Finished Searching Browser Helper Objects [04/18/2008, 21:00:04] - Finishing up... [04/18/2008, 21:00:04] - Nothing found! Exiting...

hijack this: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:50:53, on 17-4-2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\SurfRight\Caretaker\CaretakerService.exe C:\Windows\system32\svchost.exe C:\Program Files\SurfRight\Caretaker\AntispamService.exe C:\Windows\system32\Dwm.exe C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Windows\system32\svchost.exe C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\SurfRight\Caretaker\Notifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\WerCon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\rundll32.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\IncrediMail\bin\IMApp.exe C:\Program Files\Spyware Doctor\pctsGui.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\explorer.exe C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [recinfo756] c:\RecInfo\RecInfo.exe O4 - HKLM\..\Run: [recinfo] RecInfo.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUmKbaa.dll,#1 O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\WOU_CY~1\AppData\Local\Temp\fccdccBS.dll,c O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\WOU_CY~1\AppData\Local\Temp\xxywXOeB.dll,#1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\WOU_CY~1\AppData\Local\Temp\oumtfdio.dll",run O4 - HKCU\..\Run: [500ba864] rundll32.exe "C:\Users\WOU_CY~1\AppData\Local\Temp\dgcdmfli.dll",b O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe -- End of file - 11212 bytes