Question & Answer

Security & privacy

Spyware and other junk

Anonymous
9 answers
 • Hello, ever since my little brother used it again, I have spyware on it. I had just reinstalled it, my little brother gets on it, and spyware again :evil: . So I don't much feel like reinstalling it again. Hence my question whether you know how I can remove all this spyware and other junk. Here is a log right away.

  Logfile of Trend Micro HijackThis v2.0.0 (BETA)
  Scan saved at 18:49:39, on 23-12-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\csrss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  C:\Program Files\Alwil Software\Avast4\ashServ.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\LogMeIn\x86\RaMaint.exe
  C:\Program Files\LogMeIn\x86\LogMeIn.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\system32\PnkBstrA.exe
  C:\Program Files\CyberLink\Shared files\RichVideo.exe
  C:\WINDOWS\System32\PAStiSvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  C:\WINDOWS\System32\alg.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\WINDOWS\RTHDCPL.EXE
  C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\WINDOWS\locker.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\Program Files\Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
  C:\Program Files\Windows Media Player\wmplayer.exe
  C:\Program Files\Windows Live\Messenger\msnmsgr.exe
  C:\Program Files\Windows Live\Messenger\usnsvc.exe
  C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
  C:\Documents and Settings\Maikel\Bureaublad\HiJackThis_v2.exe
  C:\WINDOWS\System32\wbem\wmiprvse.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
  O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\awturon.dll (file missing)
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
  O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
  O4 - HKLM\..\Run: [RemotelyAnywhere GUI] "C:\Program Files\RemotelyAnywhere\x86\RAGui.exe"
  O4 - HKLM\..\Run: [qxapurap] rundll32.exe "C:\Program Files\qxapurap\itixiraz.dll",Init
  O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
  O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
  O4 - HKLM\..\Run: [License] locker.exe
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
  O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [WinClicker.exe] "C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe" -atboottime
  O4 - HKLM\..\Policies\Explorer\Run: [sK06PpvXt9] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
  O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
  O20 - Winlogon Notify: awturon - awturon.dll (file missing)
  O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
  O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
  O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
  O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
  O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
  O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
  O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
  O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - Unknown owner - C:\Program Files\RemotelyAnywhere\x86\RaMaint.exe (file missing)
  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
  O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


  End of file - 8438 bytes
 • Hello,


  Carry out the following actions first:
  Click Start -> (Settings) -> Control Panel -> Add or Remove Programs and remove the following program:
  WebHancer

  Restart the computer.
 • Download and use the latest version of HJT.


  http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe


  Start HijackThis and choose 'Do a system scan only'
  Select only the items listed below:
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
  O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\awturon.dll (file missing)
  O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
  O4 - HKLM\..\Run: [qxapurap] rundll32.exe "C:\Program Files\qxapurap\itixiraz.dll",Init
  O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
  O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
  O4 - HKLM\..\Run: [License] locker.exe
  O4 - HKLM\..\Policies\Explorer\Run: [sK06PpvXt9] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
  O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
  O20 - Winlogon Notify: awturon - awturon.dll (file missing)
  O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
  Close all windows except HijackThis
  Click 'Fix checked' to remove the items.

  Download ComboFix to your Desktop.
  If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

  NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!
  - Double-click Combofix.exe
  - Follow the instructions, accept the disclaimer by typing 1 (continue), followed by ENTER.
  - While the fix is running, do NOT click in the window, as this will cause your PC to hang.
  When the fix has completed and after the restart, the log combofix.txt will open.
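
After 'Fix checked', a follow-up HijackThis log shows whether the selected items are really gone and whether anything new has appeared. The script below is an added example, not part of the original thread or of HijackThis; its function names are hypothetical, and the embedded text is a short excerpt of the log lines posted in this thread.

```python
import re

# HijackThis result lines have the shape "<section code> - <detail>", e.g.
# "O4 - HKLM\..\Run: [name] command". Header lines and the bare paths under
# "Running processes:" do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Markers HijackThis appends when the registry entry points at nothing.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

def parse_entries(log_text):
    """Return (section_code, detail) tuples for every result line in a log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries

def normalise(entry):
    """Collapse whitespace and case so the same entry compares equal across logs."""
    code, detail = entry
    return (code, re.sub(r"\s+", " ", detail).casefold())

def orphaned(entries):
    """Entries whose target file no longer exists (leftover registry references)."""
    return [e for e in entries if e[1].endswith(ORPHAN_MARKERS)]

def still_present(fix_list_text, after_log_text):
    """Items from the fix list that still show up in the follow-up log."""
    after = {normalise(e) for e in parse_entries(after_log_text)}
    return [e for e in parse_entries(fix_list_text) if normalise(e) in after]

def new_entries(before_log_text, after_log_text):
    """Entries in the follow-up log that were absent from the first log."""
    before = {normalise(e) for e in parse_entries(before_log_text)}
    return [e for e in parse_entries(after_log_text) if normalise(e) not in before]

# Excerpt of the items the helper asked to select (from this thread).
FIX_LIST = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [qxapurap] rundll32.exe "C:\Program Files\qxapurap\itixiraz.dll",Init
O4 - HKLM\..\Run: [License] locker.exe
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: awturon - awturon.dll (file missing)
"""

# Excerpt of the first log (18:49:39).
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\locker.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
""" + FIX_LIST

# Excerpt of the follow-up log (21:29).
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

if __name__ == "__main__":
    print("Still present after fix:", still_present(FIX_LIST, AFTER_LOG))
    for code, detail in new_entries(BEFORE_LOG, AFTER_LOG):
        print("New since first log:", code, "-", detail)
    for code, detail in orphaned(parse_entries(AFTER_LOG)):
        print("Orphaned reference:", code, "-", detail)
```
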

 • Logfile of Trend Micro HijackThis v2.0.0 (BETA)
  Scan saved at 21:29, on 2007-12-23
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  C:\Program Files\Alwil Software\Avast4\ashServ.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\WINDOWS\RTHDCPL.EXE
  C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\Program Files\LogMeIn\x86\RaMaint.exe
  C:\Program Files\Windows Live\Messenger\msnmsgr.exe
  C:\Program Files\LogMeIn\x86\LogMeIn.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\WINDOWS\system32\PnkBstrA.exe
  C:\Program Files\CyberLink\Shared files\RichVideo.exe
  C:\WINDOWS\System32\PAStiSvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Windows Live\Messenger\usnsvc.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\Documents and Settings\Maikel\Bureaublad\HiJackThis_v2.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [WinClicker.exe] "C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe" -atboottime
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
  O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
  O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
  O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
  O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
  O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
  O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
  O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - Unknown owner - C:\Program Files\RemotelyAnywhere\x86\RaMaint.exe (file missing)
  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
  O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


  End of file - 7228 bytes


  ComboFix 07-12-21.4 - Maikel 2007-12-23 21:22:44.1 - NTFSx86
  Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.574 [GMT 1:00]
  Gestart vanuit: C:\Documents and Settings\Maikel\Bureaublad\ComboFix.exe
  * Nieuw herstelpunt werd aangemaakt
  .

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  C:\WINDOWS\PerfInfo
  C:\WINDOWS\PerfInfo\sK06PpvXt9uc.exe
  C:\WINDOWS\PerfInfo\sK06PpvXt9ud.exe
  C:\WINDOWS\system32\ldinfo.ldr

  .
  (((((((((((((((((((( Bestanden Gemaakt van 2007-11-23 to 2007-12-23 ))))))))))))))))))))))))))))))
  .

  2007-12-23 20:44 . 2007-12-23 20:46 <DIR> d-------- C:\Program Files\VirtualDJ
  2007-12-23 20:36 . 2007-12-23 20:37 13,015,916 --a------ C:\get_video.flv.AVI
  2007-12-23 20:04 . 2007-12-23 21:15 <DIR> d-------- C:\Documents and Settings\Maikel\Application Data\Lavasoft
  2007-12-23 19:30 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
  2007-12-23 19:29 . 2007-12-23 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
  2007-12-23 19:29 . 2007-12-23 19:29 164 --a------ C:\install.dat
  2007-12-23 19:28 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
  2007-12-23 19:27 . 2007-12-23 19:26 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
  2007-12-23 19:27 . 2007-12-23 19:26 298,104 --a------ C:\WINDOWS\system32\imon.dll
  2007-12-23 19:27 . 2007-12-23 19:26 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
  2007-12-23 19:25 . 2007-12-23 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
  2007-12-23 19:18 . 2007-12-23 19:18 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
  2007-12-23 18:08 . 2007-12-23 18:08 <DIR> d-------- C:\Program Files\Office Multimedia Keyboard & Mouse Driver
  2007-12-23 15:27 . 2007-12-23 15:27 <DIR> d-------- C:\WINDOWS\ppqvmpqr
  2007-12-22 22:53 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
  2007-12-22 22:53 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
  2007-12-22 20:02 . 2007-12-22 20:02 <DIR> d--h----- C:\WINDOWS\PIF
  2007-12-22 20:01 . 2007-12-22 20:01 8,192 --ahs---- C:\WINDOWS\Thumbs.db
  2007-12-22 11:41 . 2007-12-22 11:48 231 --a------ C:\WINDOWS\eJay_se.inf
  2007-12-22 11:40 . 1997-07-19 18:00 129,808 --------- C:\WINDOWS\system32\COMDLG32.ocx
  2007-12-21 20:20 . 2007-12-21 20:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
  2007-12-21 20:20 . 2007-12-21 20:20 1,409 --a------ C:\WINDOWS\QTFont.for
  2007-12-21 03:00 . 2007-12-21 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
  2007-12-20 23:30 . 2007-12-20 23:30 0 --a------ C:\WINDOWS\mngui.INI
  2007-12-20 23:27 . 2007-02-08 12:55 97,088 -ra------ C:\WINDOWS\system32\drivers\sea1mdm.sys
  2007-12-20 23:27 . 2007-02-08 12:56 90,800 -ra------ C:\WINDOWS\system32\drivers\sea1unic.sys
  2007-12-20 23:27 . 2007-02-08 12:56 88,624 -ra------ C:\WINDOWS\system32\drivers\sea1mgmt.sys
  2007-12-20 23:27 . 2007-02-08 12:56 86,432 -ra------ C:\WINDOWS\system32\drivers\sea1obex.sys
  2007-12-20 23:27 . 2007-02-08 12:56 18,704 -ra------ C:\WINDOWS\system32\drivers\sea1nd5.sys
  2007-12-20 23:27 . 2007-02-08 12:55 9,360 -ra------ C:\WINDOWS\system32\drivers\sea1mdfl.sys
  2007-12-20 23:27 . 2007-02-08 12:55 6,240 -ra------ C:\WINDOWS\system32\drivers\sea1cmnt.sys
  2007-12-20 23:27 . 2007-02-08 12:55 6,240 -ra------ C:\WINDOWS\system32\drivers\sea1cm.sys
  2007-12-20 23:27 . 2007-02-08 12:55 4,128 -ra------ C:\WINDOWS\system32\drivers\sea1cr.sys
  2007-12-20 23:26 . 2007-02-08 12:55 61,536 -ra------ C:\WINDOWS\system32\drivers\sea1bus.sys
  2007-12-20 23:26 . 2007-02-08 12:56 5,872 -ra------ C:\WINDOWS\system32\drivers\sea1whnt.sys
  2007-12-20 23:26 . 2007-02-08 12:56 5,872 -ra------ C:\WINDOWS\system32\drivers\sea1wh.sys
  2007-12-20 23:24 . 2007-12-20 23:24 <DIR> d-------- C:\Documents and Settings\Maikel\Application Data\Teleca
  2007-12-20 23:22 . 2007-12-20 23:22 <DIR> d-------- C:\Documents and Settings\Maikel\Application Data\Sony Ericsson
  2007-12-20 23:18 . 2007-12-21 20:35 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
  2007-12-20 23:02 . 2007-12-20 23:03 <DIR> d-------- C:\Program Files\Disc2Phone
  2007-12-20 22:56 . 2007-12-20 22:57 <DIR> d-------- C:\WINDOWS\system32\URTTemp
  2007-12-20 21:06 . 2007-12-20 21:06 <DIR> d-------- C:\Program Files\Salling Software AB
  2007-12-20 20:55 . 2007-12-20 20:55 <DIR> d-------- C:\Documents and Settings\Maikel\Application Data\Salling Software AB
  2007-12-20 20:55 . 2007-12-20 20:55 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
  2007-12-20 20:53 . 2004-08-04 01:03 154,112 --a------ C:\WINDOWS\system32\irftp.exe
  2007-12-20 20:53 . 2004-08-04 01:03 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
  2007-12-20 20:53 . 2004-08-04 01:03 28,160 --a------ C:\WINDOWS\system32\irmon.dll
  2007-12-20 20:53 . 2004-08-04 01:03 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
  2007-12-20 20:53 . 2004-08-04 01:03 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
  2007-12-20 20:53 . 2004-08-04 01:03 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
  2007-12-20 18:00 . 2007-12-20 18:00 <DIR> d-------- C:\Program Files\Common Files\Adobe
  2007-12-20 18:00 . 2007-12-20 18:00 <DIR> d-------- C:\Documents and Settings\Maikel\Application Data\AdobeUM
  2007-12-19 21:13 . 2007-12-20 20:10 230,432 --a------ C:\StiImg.dat
  2007-12-17 23:44 . 2007-12-17 23:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
  2007-12-15 23:19 . 2007-12-15 23:19 <DIR> d-------- C:\Documents and Settings\Maikel\Application Data\Radmin
  2007-12-15 22:37 . 2005-01-14 09:32 53,248 --a------ C:\WINDOWS\system32\PAStiSvc.exe
  2007-12-15 22:36 . 2007-12-15 22:36 <DIR> d-------- C:\WINDOWS\PixArt
  2007-12-15 22:36 . 2007-12-23 18:05 <DIR> d-------- C:\WINDOWS\Downloaded Installations
  2007-12-15 22:36 . 2007-12-15 22:36 <DIR> d-------- C:\Program Files\Trust
  2007-12-15 22:36 . 2007-12-15 22:36 <DIR> d-------- C:\Program Files\Common Files\PCCamera
  2007-12-14 22:58 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
  2007-12-14 22:54 . 2007-12-14 22:54 <DIR> d-------- C:\Program Files\DAEMON Tools
  2007-12-14 20:08 . 2007-12-14 20:08 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
  2007-12-14 13:22 . 2007-12-14 13:22 490 --a------ C:\WINDOWS\otstuk.tmp
  2007-12-13 19:50 . 2007-12-03 22:08 12,800 --a------ C:\WINDOWS\system32\WING32.DLL
  2007-12-13 19:49 . 2006-07-26 18:16 652 --a------ C:\WINDOWS\hegames.ini
  2007-12-13 13:17 . 2007-12-13 13:17 <DIR> dr-h----- C:\Documents and Settings\Maikel\Application Data\SecuROM
  2007-12-13 13:16 . 2007-12-13 13:16 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
  2007-12-13 10:56 . 2007-12-13 10:56 <DIR> d-------- C:\Program Files\The File Splitter 1.31
  2007-12-13 09:52 . 2007-12-13 09:52 <DIR> d-------- C:\Program Files\AviSynth 2.5
  2007-12-13 09:51 . 2007-12-13 09:51 <DIR> d-------- C:\Program Files\eRightSoft
  2007-12-12 00:01 . 2007-12-12 00:01 118 --a------ C:\WINDOWS\otstuk.bat
  2007-12-11 17:52 . 2007-12-11 17:52 <DIR> d-------- C:\Documents and Settings\Maikel\Application Data\Atari
  2007-12-10 19:48 . 2007-12-10 19:48 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
  2007-12-10 19:48 . 2007-12-10 19:48 <DIR> d-------- C:\Documents and Settings\Maikel\Application Data\Leadertech
  2007-12-10 19:48 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
  2007-12-10 19:45 . 2007-12-10 19:45 <DIR> d-------- C:\Program Files\Atari
  2007-12-10 19:16 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
  2007-12-10 19:16 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
  2007-12-10 19:16 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
  2007-12-10 19:16 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
  2007-12-10 19:15 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
  2007-12-10 19:15 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
  2007-12-10 19:15 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
  2007-12-10 19:15 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
  2007-12-10 19:15 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
  2007-12-10 19:15 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
  2007-12-10 19:15 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
  2007-12-10 19:15 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
  2007-12-10 19:14 . 2007-12-14 12:28 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
  2007-12-10 19:14 . 2007-12-12 19:58 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
  2007-12-10 19:14 . 2007-12-14 12:28 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
  2007-12-10 19:14 . 2007-12-10 19:14 22,328 --a------ C:\Documents and Settings\Maikel\Application Data\PnkBstrK.sys
  2007-12-10 19:14 . 2007-12-10 19:14 319 --a------ C:\WINDOWS\game.ini
  2007-12-10 18:45 . 2007-12-10 18:45 <DIR> d-------- C:\Program Files\Activision
  2007-12-10 18:43 . 2007-12-10 18:43 <DIR> d--hs---- C:\WINDOWS\ftpcache
  2007-12-10 16:27 . 2007-12-14 23:58 <DIR> d-------- C:\Program Files\EA GAMES
  2007-12-10 16:25 . 2007-12-10 16:25 <DIR> d-------- C:\WINDOWS\Cache
  2007-12-10 16:23 . 2007-12-10 16:23 <DIR> d-------- C:\Program Files\Davilex Games
  2007-12-10 16:15 . 2007-12-10 19:23 <DIR> d-------- C:\Program Files\Electronic Arts

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2007-12-15 21:36 --------- d-----w C:\Program Files\Common Files\InstallShield
  2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
  2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
  2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
  2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
  2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
  2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
  2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
  2007-12-03 18:20 315,392 ----a-w C:\WINDOWS\HideWin.exe
  2007-12-03 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
  2007-12-03 17:49 --------- d-----w C:\Program Files\SystemRequirementsLab
  2007-12-03 17:19 --------- d-----w C:\Program Files\microsoft frontpage
  2007-11-22 21:24 73,216 ----a-w C:\WINDOWS\WinLockDll.dll
  2007-11-22 21:24 38,400 ----a-w C:\WINDOWS\wl.exe
  2007-11-15 17:46 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
  2007-11-15 17:46 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
  2007-11-14 16:14 4,625,408 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
  2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
  2007-11-07 16:31 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
  2007-11-06 09:50 16,855,552 ----a-w C:\WINDOWS\RTHDCPL.exe
  2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
  2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
  2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
  2007-10-11 10:04 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe
  2007-10-04 17:16 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
  2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
  2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
  2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
  2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
  2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
  2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
  2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
  2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
  2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
  2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
  2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
  2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
  2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
  2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
  2007-10-04 16:14 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
  2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
  2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
  2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
  2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
  2007-10-04 16:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
  2007-10-04 16:14 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
  2007-10-04 16:14 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
  2007-10-04 16:14 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
  2007-10-04 16:14 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
  2007-10-04 16:14 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
  2007-10-04 16:14 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
  2007-10-04 16:14 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
  2007-10-04 16:14 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
  2007-10-04 16:14 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
  2007-10-04 16:14 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
  2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
  2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  REGEDIT4
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
  "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]
  "WinClicker.exe"="C:\Program Files\Salling Software AB\Salling Clicker\WinClicker.exe" [2005-12-14 12:59]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\system32\rundll32.exe]
  "nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
  "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\system32\rundll32.exe]
  "RTHDCPL"="RTHDCPL.EXE" [2007-11-06 10:50 C:\WINDOWS\RTHDCPL.exe]
  "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
  "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
  "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29]
  "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
  "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09]
  "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 C:\WINDOWS\system32\bthprops.cpl]
  "WireLessKeyboard"="C:\Program Files\Office Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe" [2005-10-22 18:15]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
  LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RAinit]
  RAinit.dll 2007-05-25 18:22 58960 C:\WINDOWS\system32\RAinit.dll

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessMouse]
  2005-10-21 08:51 286720 --a------ C:\Program Files\Office Multimedia Keyboard & Mouse Driver\MouseDrv.exe

  R2 BT848;AVerMedia, AVerTV WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2001-12-07 20:59]
  R2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2001-12-12 07:26]
  R2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [2001-08-22 01:43]
  R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
  R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
  R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;C:\WINDOWS\system32\drivers\RARfsDriver.sys [2007-04-05 11:55]
  R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-08-03 15:04]
  R3 radpms;Driver for RADPMS Device;C:\WINDOWS\system32\DRIVERS\radpms.sys [2007-04-17 14:00]
  S2 RAInfo;RemotelyAnywhere Kernel Information Provider;C:\Program Files\RemotelyAnywhere\x86\RaInfo.sys []
  S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys []
  S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
  S3 ramirr;ramirr;C:\WINDOWS\system32\DRIVERS\ramirr.sys [2007-04-17 14:00]
  S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 12:55]
  S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 12:55]
  S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 12:55]
  S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 12:56]
  S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 12:56]
  S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 12:56]
  S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 12:56]

  *Newly Created Service* - CATCHME
  *Newly Created Service* - PROCEXP90
  .
  **************************************************************************

  catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-12-23 21:25:21
  Windows 5.1.2600 Service Pack 2 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  Voltooingstijd: 2007-12-23 21:25:43
  .
  2007-12-22 02:01:03 --- E O F ---
 • Wrong HJT; please use the correct one next time.

  Download:
  Save the file to your desktop, then double-click it.
  You can let the program extract itself to your desktop.
  Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
  A small window will open in which a few lines about files that were not found will quickly scroll by; this is normal.
  An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.
  After that your PC will restart; after the restart the RVAXO window opens again.
  Let it run and wait until a log file opens.
  It can also be found here: C:\RVAXO-results.log
  Post the contents in your next message together with a new HijackThis log.

  Did your PC not restart?

  Run RVAXO once more and then post the new log: C:\rvaxo-results.log
 • juisterr wrote:
  > Wrong HJT; please use the correct one next time.
  >
  > Download:
  > Save the file to your desktop, then double-click it.
  > You can let the program extract itself to your desktop.
  > Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
  > A small window will open in which a few lines about files that were not found will quickly scroll by; this is normal.
  > An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.
  > After that your PC will restart; after the restart the RVAXO window opens again.
  > Let it run and wait until a log file opens.
  > It can also be found here: C:\RVAXO-results.log
  > Post the contents in your next message together with a new HijackThis log.
  >
  > Did your PC not restart?
  >
  > Run RVAXO once more and then post the new log: C:\rvaxo-results.log

  Uh, this step goes a bit too far over my head :o .
 • Take it easy, it really isn't difficult; print out the instructions if that helps.
 • juisterr wrote:
  > Take it easy, it really isn't difficult; print out the instructions if that helps.

  The part about an uninstaller possibly starting up didn't happen. And it doesn't restart either.
 • You were able to run the tool, though? Try to find its results and post them.
