

Spyware and other junk

9 answers
  • Hello, ever since my little brother used it again, I have spyware on it. I had just reinstalled it, my little brother gets on it and there is spyware again :evil: . So I have little desire to reinstall it again. Hence my question whether you know how I can remove all this spyware and other junk. A log follows right below.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 18:49:39, on 23-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\locker.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Maikel\Bureaublad\HiJackThis_v2.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
    O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\awturon.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [RemotelyAnywhere GUI] "C:\Program Files\RemotelyAnywhere\x86\RAGui.exe"
    O4 - HKLM\..\Run: [qxapurap] rundll32.exe "C:\Program Files\qxapurap\itixiraz.dll",Init
    O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [License] locker.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WinClicker.exe] "C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe" -atboottime
    O4 - HKLM\..\Policies\Explorer\Run: [sK06PpvXt9] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
    O20 - Winlogon Notify: awturon - awturon.dll (file missing)
    O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - Unknown owner - C:\Program Files\RemotelyAnywhere\x86\RaMaint.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


    End of file - 8438 bytes


  • Hello,


    First carry out the following actions:
    Click Start -> (Settings) -> Control Panel -> Add or Remove Programs and remove the following program:
    WebHancer

    Restart the computer.
  • Download and use the latest version of HJT.


    http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe


    Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
    O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\awturon.dll (file missing)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [qxapurap] rundll32.exe "C:\Program Files\qxapurap\itixiraz.dll",Init
    O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [License] locker.exe
    O4 - HKLM\..\Policies\Explorer\Run: [sK06PpvXt9] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
    O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
    O20 - Winlogon Notify: awturon - awturon.dll (file missing)
    O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Download to your Desktop.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners treat certain components that Combofix uses as suspicious and will block or remove them!
    Double-click Combofix.exe
    Follow the instructions and accept the disclaimer by typing 1 (continue), followed by ENTER.
    While the fix is running, do NOT click in the window, as this will cause your PC to hang.
    When the fix has finished and after the restart, the log combofix.txt will open.
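
A follow-up check for the fix described in the answer above, as an added example that is not part of the original thread: it parses HijackThis entry lines and compares a first and a second scan against the list of items selected for 'Fix checked'. The function names are hypothetical, and the three sample inputs are shortened excerpts of the logs and item list posted in this thread.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24),
# then " - ", then the entry body. Header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")


def parse_entries(log_text):
    """Return a list of (section_code, body) tuples, one per entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _key(entry):
    """Comparison key: Windows paths are case-insensitive, whitespace may vary."""
    code, body = entry
    return code, " ".join(body.casefold().split())


def verify_fix(before_log, after_log, selected_items):
    """Compare two scans against the items that were selected for fixing."""
    before = {_key(e) for e in parse_entries(before_log)}
    after = {_key(e) for e in parse_entries(after_log)}
    wanted = {_key(e) for e in parse_entries(selected_items)}
    return {
        # selected items that never appeared in the first scan (copy/paste slip)
        "not_in_first_scan": sorted(wanted - before),
        # selected items that survived the fix and need another look
        "still_present": sorted(wanted & after),
        # selected items that are gone in the second scan
        "removed": sorted((wanted & before) - after),
        # entries that only appear in the second scan and were never reviewed
        "new_in_second_scan": sorted(after - before),
    }


# Shortened excerpt of the first log in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\locker.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [License] locker.exe
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
"""

# Shortened excerpt of the second log in this thread.
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
"""

# Shortened excerpt of the items the answer says to select.
SELECTED = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [License] locker.exe
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
"""

if __name__ == "__main__":
    report = verify_fix(BEFORE, AFTER, SELECTED)
    for bucket, items in report.items():
        print(f"{bucket}: {len(items)}")
        for code, body in items:
            print(f"  {code} - {body}")
```
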


  • Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 21:29, on 2007-12-23
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Maikel\Bureaublad\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WinClicker.exe] "C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe" -atboottime
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - Unknown owner - C:\Program Files\RemotelyAnywhere\x86\RaMaint.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


    End of file - 7228 bytes


    ComboFix 07-12-21.4 - Maikel 2007-12-23 21:22:44.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.574 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Maikel\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\PerfInfo
    C:\WINDOWS\PerfInfo\sK06PpvXt9uc.exe
    C:\WINDOWS\PerfInfo\sK06PpvXt9ud.exe
    C:\WINDOWS\system32\ldinfo.ldr

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-11-23 to 2007-12-23 ))))))))))))))))))))))))))))))
    .

    2007-12-23 20:44 . 2007-12-23 20:46 <DIR> d——– C:\Program Files\VirtualDJ
    2007-12-23 20:36 . 2007-12-23 20:37 13,015,916 –a—— C:\get_video.flv.AVI
    2007-12-23 20:04 . 2007-12-23 21:15 <DIR> d——– C:\Documents and Settings\Maikel\Application Data\Lavasoft
    2007-12-23 19:30 . 2005-09-23 08:29 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-12-23 19:29 . 2007-12-23 21:15 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-23 19:29 . 2007-12-23 19:29 164 –a—— C:\install.dat
    2007-12-23 19:28 . 2005-08-25 18:19 115,920 –a—— C:\WINDOWS\system32\MSINET.OCX
    2007-12-23 19:27 . 2007-12-23 19:26 512,096 –a—— C:\WINDOWS\system32\drivers\amon.sys
    2007-12-23 19:27 . 2007-12-23 19:26 298,104 –a—— C:\WINDOWS\system32\imon.dll
    2007-12-23 19:27 . 2007-12-23 19:26 15,424 –a—— C:\WINDOWS\system32\drivers\nod32drv.sys
    2007-12-23 19:25 . 2007-12-23 19:25 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Prevx
    2007-12-23 19:18 . 2007-12-23 19:18 <DIR> d——– C:\WINDOWS\system32\GroupPolicy
    2007-12-23 18:08 . 2007-12-23 18:08 <DIR> d——– C:\Program Files\Office Multimedia Keyboard & Mouse Driver
    2007-12-23 15:27 . 2007-12-23 15:27 <DIR> d——– C:\WINDOWS\ppqvmpqr
    2007-12-22 22:53 . 2004-08-03 23:01 25,856 –a—— C:\WINDOWS\system32\drivers\usbprint.sys
    2007-12-22 22:53 . 2004-08-03 23:01 25,856 –a–c— C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-12-22 20:02 . 2007-12-22 20:02 <DIR> d–h—– C:\WINDOWS\PIF
    2007-12-22 20:01 . 2007-12-22 20:01 8,192 –ahs—- C:\WINDOWS\Thumbs.db
    2007-12-22 11:41 . 2007-12-22 11:48 231 –a—— C:\WINDOWS\eJay_se.inf
    2007-12-22 11:40 . 1997-07-19 18:00 129,808 ——— C:\WINDOWS\system32\COMDLG32.ocx
    2007-12-21 20:20 . 2007-12-21 20:20 54,156 –ah—– C:\WINDOWS\QTFont.qfn
    2007-12-21 20:20 . 2007-12-21 20:20 1,409 –a—— C:\WINDOWS\QTFont.for
    2007-12-21 03:00 . 2007-12-21 03:00 <DIR> d——– C:\Program Files\MSXML 4.0
    2007-12-20 23:30 . 2007-12-20 23:30 0 –a—— C:\WINDOWS\mngui.INI
    2007-12-20 23:27 . 2007-02-08 12:55 97,088 -ra—— C:\WINDOWS\system32\drivers\sea1mdm.sys
    2007-12-20 23:27 . 2007-02-08 12:56 90,800 -ra—— C:\WINDOWS\system32\drivers\sea1unic.sys
    2007-12-20 23:27 . 2007-02-08 12:56 88,624 -ra—— C:\WINDOWS\system32\drivers\sea1mgmt.sys
    2007-12-20 23:27 . 2007-02-08 12:56 86,432 -ra—— C:\WINDOWS\system32\drivers\sea1obex.sys
    2007-12-20 23:27 . 2007-02-08 12:56 18,704 -ra—— C:\WINDOWS\system32\drivers\sea1nd5.sys
    2007-12-20 23:27 . 2007-02-08 12:55 9,360 -ra—— C:\WINDOWS\system32\drivers\sea1mdfl.sys
    2007-12-20 23:27 . 2007-02-08 12:55 6,240 -ra—— C:\WINDOWS\system32\drivers\sea1cmnt.sys
    2007-12-20 23:27 . 2007-02-08 12:55 6,240 -ra—— C:\WINDOWS\system32\drivers\sea1cm.sys
    2007-12-20 23:27 . 2007-02-08 12:55 4,128 -ra—— C:\WINDOWS\system32\drivers\sea1cr.sys
    2007-12-20 23:26 . 2007-02-08 12:55 61,536 -ra—— C:\WINDOWS\system32\drivers\sea1bus.sys
    2007-12-20 23:26 . 2007-02-08 12:56 5,872 -ra—— C:\WINDOWS\system32\drivers\sea1whnt.sys
    2007-12-20 23:26 . 2007-02-08 12:56 5,872 -ra—— C:\WINDOWS\system32\drivers\sea1wh.sys
    2007-12-20 23:24 . 2007-12-20 23:24 <DIR> d——– C:\Documents and Settings\Maikel\Application Data\Teleca
    2007-12-20 23:22 . 2007-12-20 23:22 <DIR> d——– C:\Documents and Settings\Maikel\Application Data\Sony Ericsson
    2007-12-20 23:18 . 2007-12-21 20:35 <DIR> d——– C:\Program Files\Common Files\Teleca Shared
    2007-12-20 23:02 . 2007-12-20 23:03 <DIR> d——– C:\Program Files\Disc2Phone
    2007-12-20 22:56 . 2007-12-20 22:57 <DIR> d——– C:\WINDOWS\system32\URTTemp
    2007-12-20 21:06 . 2007-12-20 21:06 <DIR> d——– C:\Program Files\Salling Software AB
    2007-12-20 20:55 . 2007-12-20 20:55 <DIR> d——– C:\Documents and Settings\Maikel\Application Data\Salling Software AB
    2007-12-20 20:55 . 2007-12-20 20:55 356,352 –a—— C:\WINDOWS\eSellerateEngine.dll
    2007-12-20 20:53 . 2004-08-04 01:03 154,112 –a—— C:\WINDOWS\system32\irftp.exe
    2007-12-20 20:53 . 2004-08-04 01:03 154,112 –a–c— C:\WINDOWS\system32\dllcache\irftp.exe
    2007-12-20 20:53 . 2004-08-04 01:03 28,160 –a—— C:\WINDOWS\system32\irmon.dll
    2007-12-20 20:53 . 2004-08-04 01:03 28,160 –a–c— C:\WINDOWS\system32\dllcache\irmon.dll
    2007-12-20 20:53 . 2004-08-04 01:03 8,192 –a—— C:\WINDOWS\system32\wshirda.dll
    2007-12-20 20:53 . 2004-08-04 01:03 8,192 –a–c— C:\WINDOWS\system32\dllcache\wshirda.dll
    2007-12-20 18:00 . 2007-12-20 18:00 <DIR> d——– C:\Program Files\Common Files\Adobe
    2007-12-20 18:00 . 2007-12-20 18:00 <DIR> d——– C:\Documents and Settings\Maikel\Application Data\AdobeUM
    2007-12-19 21:13 . 2007-12-20 20:10 230,432 –a—— C:\StiImg.dat
    2007-12-17 23:44 . 2007-12-17 23:44 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2007-12-15 23:19 . 2007-12-15 23:19 <DIR> d——– C:\Documents and Settings\Maikel\Application Data\Radmin
    2007-12-15 22:37 . 2005-01-14 09:32 53,248 –a—— C:\WINDOWS\system32\PAStiSvc.exe
    2007-12-15 22:36 . 2007-12-15 22:36 <DIR> d——– C:\WINDOWS\PixArt
    2007-12-15 22:36 . 2007-12-23 18:05 <DIR> d——– C:\WINDOWS\Downloaded Installations
    2007-12-15 22:36 . 2007-12-15 22:36 <DIR> d——– C:\Program Files\Trust
    2007-12-15 22:36 . 2007-12-15 22:36 <DIR> d——– C:\Program Files\Common Files\PCCamera
    2007-12-14 22:58 . 2004-08-18 09:34 442,368 -ra—— C:\WINDOWS\system32\vp6vfw.dll
    2007-12-14 22:54 . 2007-12-14 22:54 <DIR> d——– C:\Program Files\DAEMON Tools
    2007-12-14 20:08 . 2007-12-14 20:08 685,816 –a—— C:\WINDOWS\system32\drivers\sptd.sys
    2007-12-14 13:22 . 2007-12-14 13:22 490 –a—— C:\WINDOWS\otstuk.tmp
    2007-12-13 19:50 . 2007-12-03 22:08 12,800 –a—— C:\WINDOWS\system32\WING32.DLL
    2007-12-13 19:49 . 2006-07-26 18:16 652 –a—— C:\WINDOWS\hegames.ini
    2007-12-13 13:17 . 2007-12-13 13:17 <DIR> dr-h—– C:\Documents and Settings\Maikel\Application Data\SecuROM
    2007-12-13 13:16 . 2007-12-13 13:16 107,888 –a—— C:\WINDOWS\system32\CmdLineExt.dll
    2007-12-13 10:56 . 2007-12-13 10:56 <DIR> d——– C:\Program Files\The File Splitter 1.31
    2007-12-13 09:52 . 2007-12-13 09:52 <DIR> d——– C:\Program Files\AviSynth 2.5
    2007-12-13 09:51 . 2007-12-13 09:51 <DIR> d——– C:\Program Files\eRightSoft
    2007-12-12 00:01 . 2007-12-12 00:01 118 –a—— C:\WINDOWS\otstuk.bat
    2007-12-11 17:52 . 2007-12-11 17:52 <DIR> d——– C:\Documents and Settings\Maikel\Application Data\Atari
    2007-12-10 19:48 . 2007-12-10 19:48 <DIR> d——– C:\Program Files\Common Files\PocketSoft
    2007-12-10 19:48 . 2007-12-10 19:48 <DIR> d——– C:\Documents and Settings\Maikel\Application Data\Leadertech
    2007-12-10 19:48 . 2002-02-27 18:50 197,120 –a—— C:\WINDOWS\patchw32.dll
    2007-12-10 19:45 . 2007-12-10 19:45 <DIR> d——– C:\Program Files\Atari
    2007-12-10 19:16 . 2007-05-16 16:45 1,124,720 –a—— C:\WINDOWS\system32\D3DCompiler_34.dll
    2007-12-10 19:16 . 2007-05-16 16:45 443,752 –a—— C:\WINDOWS\system32\d3dx10_34.dll
    2007-12-10 19:16 . 2007-06-20 20:46 266,088 –a—— C:\WINDOWS\system32\xactengine2_8.dll
    2007-12-10 19:16 . 2007-06-20 20:45 18,280 –a—— C:\WINDOWS\system32\x3daudio1_2.dll
    2007-12-10 19:15 . 2007-05-16 16:45 3,497,832 –a—— C:\WINDOWS\system32\d3dx9_34.dll
    2007-12-10 19:15 . 2007-03-12 16:42 3,495,784 –a—— C:\WINDOWS\system32\d3dx9_33.dll
    2007-12-10 19:15 . 2006-11-29 13:06 3,426,072 –a—— C:\WINDOWS\system32\d3dx9_32.dll
    2007-12-10 19:15 . 2007-03-12 16:42 1,123,696 –a—— C:\WINDOWS\system32\D3DCompiler_33.dll
    2007-12-10 19:15 . 2007-03-15 16:57 443,752 –a—— C:\WINDOWS\system32\d3dx10_33.dll
    2007-12-10 19:15 . 2007-04-04 18:55 261,480 –a—— C:\WINDOWS\system32\xactengine2_7.dll
    2007-12-10 19:15 . 2007-01-24 15:27 255,848 –a—— C:\WINDOWS\system32\xactengine2_6.dll
    2007-12-10 19:15 . 2006-12-08 12:02 251,672 –a—— C:\WINDOWS\system32\xactengine2_5.dll
    2007-12-10 19:14 . 2007-12-14 12:28 103,736 –a—— C:\WINDOWS\system32\PnkBstrB.exe
    2007-12-10 19:14 . 2007-12-12 19:58 66,872 –a—— C:\WINDOWS\system32\PnkBstrA.exe
    2007-12-10 19:14 . 2007-12-14 12:28 22,328 –a—— C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-12-10 19:14 . 2007-12-10 19:14 22,328 –a—— C:\Documents and Settings\Maikel\Application Data\PnkBstrK.sys
    2007-12-10 19:14 . 2007-12-10 19:14 319 –a—— C:\WINDOWS\game.ini
    2007-12-10 18:45 . 2007-12-10 18:45 <DIR> d——– C:\Program Files\Activision
    2007-12-10 18:43 . 2007-12-10 18:43 <DIR> d–hs—- C:\WINDOWS\ftpcache
    2007-12-10 16:27 . 2007-12-14 23:58 <DIR> d——– C:\Program Files\EA GAMES
    2007-12-10 16:25 . 2007-12-10 16:25 <DIR> d——– C:\WINDOWS\Cache
    2007-12-10 16:23 . 2007-12-10 16:23 <DIR> d——– C:\Program Files\Davilex Games
    2007-12-10 16:15 . 2007-12-10 19:23 <DIR> d——– C:\Program Files\Electronic Arts

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-15 21:36 ——— d—–w C:\Program Files\Common Files\InstallShield
    2007-12-04 14:56 93,264 —-a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 —-a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 —-a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 —-a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 —-a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 —-a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 —-a-w C:\WINDOWS\system32\AvastSS.scr
    2007-12-03 18:20 315,392 —-a-w C:\WINDOWS\HideWin.exe
    2007-12-03 17:55 ——— d—–w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2007-12-03 17:49 ——— d—–w C:\Program Files\SystemRequirementsLab
    2007-12-03 17:19 ——— d—–w C:\Program Files\microsoft frontpage
    2007-11-22 21:24 73,216 —-a-w C:\WINDOWS\WinLockDll.dll
    2007-11-22 21:24 38,400 —-a-w C:\WINDOWS\wl.exe
    2007-11-15 17:46 23,736 —-a-w C:\WINDOWS\system32\lmimirr.dll
    2007-11-15 17:46 10,040 —-a-w C:\WINDOWS\system32\lmimirr2.dll
    2007-11-14 16:14 4,625,408 —-a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-07 16:31 1,191,936 —-a-w C:\WINDOWS\RtlUpd.exe
    2007-11-06 09:50 16,855,552 —-a-w C:\WINDOWS\RTHDCPL.exe
    2007-10-29 22:45 1,291,776 —-a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 —-a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-18 10:31 51,224 —-a-w C:\WINDOWS\system32\sirenacm.dll
    2007-10-11 10:04 1,826,816 —-a-w C:\WINDOWS\SkyTel.exe
    2007-10-04 17:16 356,352 —-a-w C:\WINDOWS\system32\NVUNINST.EXE
    2007-10-04 16:14 81,920 —-a-w C:\WINDOWS\system32\nvwddi.dll
    2007-10-04 16:14 81,920 —-a-w C:\WINDOWS\system32\nvmctray.dll
    2007-10-04 16:14 8,491,008 —-a-w C:\WINDOWS\system32\nvcpl.dll
    2007-10-04 16:14 753,664 —-a-w C:\WINDOWS\system32\nvcplui.exe
    2007-10-04 16:14 6,750,208 —-a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-10-04 16:14 6,344,704 —-a-w C:\WINDOWS\system32\nvdisps.dll
    2007-10-04 16:14 5,783,424 —-a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-10-04 16:14 466,944 —-a-w C:\WINDOWS\system32\nvshell.dll
    2007-10-04 16:14 45,056 —-a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-10-04 16:14 442,368 —-a-w C:\WINDOWS\system32\nvappbar.exe
    2007-10-04 16:14 425,984 —-a-w C:\WINDOWS\system32\keystone.exe
    2007-10-04 16:14 364,544 —-a-w C:\WINDOWS\system32\nvapi.dll
    2007-10-04 16:14 36,864 —-a-w C:\WINDOWS\system32\nvcodins.dll
    2007-10-04 16:14 36,864 —-a-w C:\WINDOWS\system32\nvcod.dll
    2007-10-04 16:14 356,352 —-a-w C:\WINDOWS\system32\nvudisp.exe
    2007-10-04 16:14 307,200 —-a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-10-04 16:14 3,551,232 —-a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-10-04 16:14 3,334,144 —-a-w C:\WINDOWS\system32\nvgames.dll
    2007-10-04 16:14 286,720 —-a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-10-04 16:14 229,376 —-a-w C:\WINDOWS\system32\nvmccs.dll
    2007-10-04 16:14 2,371,584 —-a-w C:\WINDOWS\system32\nvwss.dll
    2007-10-04 16:14 188,416 —-a-w C:\WINDOWS\system32\nvmccss.dll
    2007-10-04 16:14 155,716 —-a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-10-04 16:14 147,456 —-a-w C:\WINDOWS\system32\nvcolor.exe
    2007-10-04 16:14 1,703,936 —-a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-10-04 16:14 1,626,112 —-a-w C:\WINDOWS\system32\nwiz.exe
    2007-10-04 16:14 1,478,656 —-a-w C:\WINDOWS\system32\nview.dll
    2007-10-04 16:14 1,339,392 —-a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-10-04 16:14 1,150,976 —-a-w C:\WINDOWS\system32\nvmobls.dll
    2007-10-04 16:14 1,019,904 —-a-w C:\WINDOWS\system32\nvwimg.dll
    2006-05-03 09:06 163,328 –sh–r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 –sh–r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]
    "WinClicker.exe"="C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe" [2005-12-14 12:59]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\system32\rundll32.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-11-06 10:50 C:\WINDOWS\RTHDCPL.exe]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
    "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 C:\WINDOWS\system32\bthprops.cpl]
    "WireLessKeyboard"="C:\Program Files\Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe" [2005-10-22 18:15]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RAinit]
    RAinit.dll 2007-05-25 18:22 58960 C:\WINDOWS\system32\RAinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessMouse]
    2005-10-21 08:51 286720 --a------ C:\Program Files\Office Multimedia Keyboard & Mouse Driver\MouseDrv.exe

    R2 BT848;AVerMedia, AVerTV WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2001-12-07 20:59]
    R2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2001-12-12 07:26]
    R2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [2001-08-22 01:43]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
    R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;C:\WINDOWS\system32\drivers\RARfsDriver.sys [2007-04-05 11:55]
    R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-08-03 15:04]
    R3 radpms;Driver for RADPMS Device;C:\WINDOWS\system32\DRIVERS\radpms.sys [2007-04-17 14:00]
    S2 RAInfo;RemotelyAnywhere Kernel Information Provider;C:\Program Files\RemotelyAnywhere\x86\RaInfo.sys []
    S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys []
    S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
    S3 ramirr;ramirr;C:\WINDOWS\system32\DRIVERS\ramirr.sys [2007-04-17 14:00]
    S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 12:55]
    S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 12:55]
    S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 12:55]
    S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 12:56]
    S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 12:56]
    S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 12:56]
    S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 12:56]

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-23 21:25:21
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-12-23 21:25:43
    .
    2007-12-22 02:01:03 --- E O F ---

  • Wrong HJT; please use the correct one next time.


    Download:
    Save the file to your desktop, then double-click it.
    You can let the program extract itself to your desktop.
    Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
    A small window will open in which a few lines about files that were not found will scroll by quickly; this is normal.
    An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.
    After that your PC will restart; after the restart the RVAXO window opens again.
    Let it run and wait until a log file opens.
    If needed, it can also be found here: C:\RVAXO-results.log
    Post the contents in your next message together with a new HijackThis log.

    Did your PC not restart?

    Run RVAXO once more and then post the new log: C:\rvaxo-results.log
  • juisterr wrote:
        Wrong HJT; please use the correct one next time.

        Download:
        Save the file to your desktop, then double-click it.
        You can let the program extract itself to your desktop.
        Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
        A small window will open in which a few lines about files that were not found will scroll by quickly; this is normal.
        An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.
        After that your PC will restart; after the restart the RVAXO window opens again.
        Let it run and wait until a log file opens.
        If needed, it can also be found here: C:\RVAXO-results.log
        Post the contents in your next message together with a new HijackThis log.

        Did your PC not restart?

        Run RVAXO once more and then post the new log: C:\rvaxo-results.log

    Uh, this step goes a bit too far over my head :o .
  • Take it easy, it really isn't difficult; otherwise just print out the instructions.
  • juisterr wrote:
        Take it easy, it really isn't difficult; otherwise just print out the instructions.

    The part about an uninstaller possibly starting up does not happen. And it doesn't restart either.
  • But you were able to run the tool? Try to find its results and post them.


This is an archived page. Replies are no longer possible.