Download: RVAXO.exe

• Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
• Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
  Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
• Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
  
• Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
  Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
• Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
• Post de inhoud van de logfile in je volgende bericht tesamen met een nieuw logje van HijackThis.

Bedankt voor uw snel reactie.

Ik kan de RVAXO.cmd niet vinden, hoewel ik de RVAXO bestand heb. Hij opent in RVAXO 1 t/m 5

Probeer deze dan maar RemoveVideoActiveXObject.exe

het is gelukt. Ik heb nu wel last van andere namelijk XP Antivirus 2008. Ik weet niet wat het is. hoe kan ik deze XP Antivirus 2008 verwijderen. Ik kan hem niet via software verwijderen. Hieronder staat de scan raport




XP Antivirus 2008 system scan report.
Report generated 27.12.2007 22:06:09

Type Run type Name Details
Trojan C://windows/system32/wwin32.dll Worm.Win32.Womble.a Steals all ***** passwords from this computer and send it to the grabber.
Trojan C://windows/system32/syst032.exel Trojan.Win32.Agent.brk Trojan program that can compromise your private information stored on the hard drive.
Spyware autorun Spy.HTML.Paylap.bg #Uses the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site.
Trojan autorun Worm.Win32.NetSky #Replacing computers background with red screen and blocking some computers features.
Backdoor C://windows/system32/svchost.exe Win32.Rbot.fm An IRC controlled backdoor that can be used to gain unauthorized access to a victim's machine.
Trojan C://windows/system32/explorer.exe Trojan.MailGrabber.s Trojan horse that gets access to e-mail accounts on the infected computer.
Spyware C://windows/system32/iesetup.dll Spyware.IEMonster.d "Steals passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs."
Adware autorun Zlob.PornAdvertiser.ba Adware that displays pop-up/pop-under advertisements of pornographic or online gambling Web sites.
Spyware autorun Spyware.IMMonitor program that can be used to monitor and record conversations in popular instant messaging applications.
Trojan autorun Infostealer.Banker.E Steals sensitive information from the infected computer (e.g. logins and passwords from online banking sessions)
Dialer C://windows/system32/cmdial32.dll Dialer.Xpehbam.biz_dialer A Dialer that loads pornographic material. The url information shows Hardcore Pornographic pages.
Spyware autorun Spyware.KnownBadSites Uses the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site.
Trojan autorun Trojan.Tooso Trojan.Tooso is a trojan which attempts to terminate and delete security related applications.
Trojan C://windows/system32/alg.exe Trojan.Alg.t Trojan program that can compromise your private information stored on the hard drive.
Rogue C://Program Files/TrustedAntivirus TrustedAntivirus A corrupt and misleading anti-virus program that may be usually installed with the help of malcous Trojans and other malware
Rogue C://Program Files/SecurePCCleaner SecurePCCleaner Rogue Security Software: fake Security software that uses deceptive means for installation and purpose.
Rogue C://Program Files/AVSystemCare AVSystemCare Rogue Security Software: fake Security software that uses deceptive means for installation and purpose.
Rogue C://Program Files/UltimateCleaner UltimateCleaner The program is considered malware due to its difficult uninstallation and deceptive operation.
Rogue C://Program Files/UltimateDefender UltimateDefender The program is considered malware due to its difficult uninstallation and deceptive operation.
Rogue C://Program Files/Advanced Cleaner AdvancedCleaner "A rogue anti-spyware program that uses altered desktop backgrounds, fake security alerts, and other malware to advertise and install itself."
Trojan C://windows/system32/ Trojan.BAT.Adduser.t This Trojan has a malicious payload. It is a BAT file. It is 1129 bytes in size.
Spyware C://windows/system32/ Spyware.007SpySoftware Program designed to monitor user activity. May be used with or without consent.
Trojan C://windows/hidden/ Trojan.Clicker.EC Trojan.Clicker.EC is an information stealing Trojan that masquerades as a legitimate system file so as to avoid detection and subsequent removal.
Dialer C://windows/hidden/ Dialer.Trafficjam.a Dialer.Trafficjam.a is a premium-rate phone dialer that automatically invokes paid access to various porn-related Web sites.
Trojan hidden autorun Trojan.Poison.J Trojan.Poison.J is a key-logging Trojan for the Windows platform.
Adware Registry Adware.eXact.BargainBuddy A browser helper object that monitors internet browsing sessions in an attempt to redirect search queries and distribute unsolicited advertisements.
Worm C://windows/system32/ Win32.Delbot.AI Win32.Delbot.AI is a worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Worm C://windows/temp/ Win32.Sdbot.ADN A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Trojan C://windows/ Trojan-Dropper.Win32.Agent.bot This Trojan is designed to install and launch other malicious programs on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. It is 70656 bytes in size.
Worm C://windows/temp/ Win32.Rbot.CBX A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Spyware autorun Win32.PerFiler Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
Worm hidden autorun Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file. Associated processes connect to the Internet to download additional components that may jeopardize system security.
Trojan C://windows/ Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user’s knowledge or consent.
Worm autorun Win32.Peacomm.dam A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats.
Trojan C://windows/system/drivers/ Win32.Spamta.KG.worm A multi-component mass-mailing worm that downloads and executes files from the Internet.
Trojan C://windows/system/drivers/etc/ Trojan.IRCBot.d a worm that opens an IRC back door on the compromised host. It spreads by exploiting the Microsoft Windows Server Service Remote Buffer Overflow Vulnerability.
Trojan C://windows/system/mui/ Trojan.Dropper.MSWord.j A Microsoft Word macro virus that drops a trojan onto the infected host.
Trojan C://windows/system/mui/ Win32.Clagger.C This is small Trojan downloader that downloads files and lowers security settings. It is spreading as an email attachment.
Worm C://windows/system/ Worm.Bagle.CP "This is a ""Bagle"" mass-mailer which demonstrates typical ""Bagle"" behavior: it has a .ZIP file attachment, it contains a simple message subject/body, and it spreads to others."
Worm C://windows/ Win32.BlackMail.xx "This dangerous worm will destroy certain data files on an infected user's machine on February 3, 2008."
Trojan hidden autorun Trojan.Win32.Agent.ado Trojan downloader that is spread as an attachment to a spam email and tries to download a password stealer.
Trojan hidden autorun Win32.Outsbot.u A backdoor Trojan that is remotely controlled via Internet Relay Chat (IRC). It exploits Sony BMG Digital Rights Management (DRM) software to hide its presence.
Worm hidden autorun Win32.Sober.P This is a mass-mailing worm that uses its own SMTP engine to spread. It sends itself as an email attachment that mimics an image file.
Worm C://windows/temp/ Win32.Sdbot.ADN A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Trojan C://windows/ Trojan-Dropper.Win32.Agent.bot This Trojan is designed to install and launch other malicious programs on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. It is 70656 bytes in size.
Worm C://windows/temp/ Win32.Rbot.CBX A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Spyware autorun Win32.PerFiler Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
Worm hidden autorun Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file. Associated processes connect to the Internet to download additional components that may jeopardize system security.
Trojan C://windows/ Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user’s knowledge or consent.
Worm autorun Win32.Peacomm.dam A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats.
Trojan C://windows/system/drivers/ Win32.Spamta.KG.worm A multi-component mass-mailing worm that downloads and executes files from the Internet.
Trojan C://windows/system/drivers/etc/ Trojan.IRCBot.d a worm that opens an IRC back door on the compromised host. It spreads by exploiting the Microsoft Windows Server Service Remote Buffer Overflow Vulnerability.
Trojan C://windows/system/mui/ Trojan.Dropper.MSWord.j A Microsoft Word macro virus that drops a trojan onto the infected host.
Trojan C://windows/system/mui/ Win32.Clagger.C This is small Trojan downloader that downloads files and lowers security settings. It is spreading as an email attachment.
Worm C://windows/system/ Worm.Bagle.CP "This is a ""Bagle"" mass-mailer which demonstrates typical ""Bagle"" behavior: it has a .ZIP file attachment, it contains a simple message subject/body, and it spreads to others."
Worm C://windows/ Win32.BlackMail.xx "This dangerous worm will destroy certain data files on an infected user's machine on February 3, 2008."
Trojan hidden autorun Trojan.Win32.Agent.ado Trojan downloader that is spread as an attachment to a spam email and tries to download a password stealer.
Trojan hidden autorun Win32.Outsbot.u A backdoor Trojan that is remotely controlled via Internet Relay Chat (IRC). It exploits Sony BMG Digital Rights Management (DRM) software to hide its presence.
Worm hidden autorun Win32.Sober.P This is a mass-mailing worm that uses its own SMTP engine to spread. It sends itself as an email attachment that mimics an image file.
Trojan C://windows/system32/ Trojan.BAT.Adduser.t This Trojan has a malicious payload. It is a BAT file. It is 1129 bytes in size.
Spyware C://windows/system32/ Spyware.007SpySoftware Program designed to monitor user activity. May be used with or without consent.
Trojan C://windows/hidden/ Trojan.Clicker.EC Trojan.Clicker.EC is an information stealing Trojan that masquerades as a legitimate system file so as to avoid detection and subsequent removal.
Dialer C://windows/hidden/ Dialer.Trafficjam.a Dialer.Trafficjam.a is a premium-rate phone dialer that automatically invokes paid access to various porn-related Web sites.
Trojan hidden autorun Trojan.Poison.J Trojan.Poison.J is a key-logging Trojan for the Windows platform.
Adware Registry Adware.eXact.BargainBuddy A browser helper object that monitors internet browsing sessions in an attempt to redirect search queries and distribute unsolicited advertisements.
Worm C://windows/system32/ Win32.Delbot.AI Win32.Delbot.AI is a worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Worm C://windows/temp/ Win32.Sdbot.ADN A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Trojan C://windows/ Trojan-Dropper.Win32.Agent.bot This Trojan is designed to install and launch other malicious programs on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. It is 70656 bytes in size.
Worm C://windows/temp/ Win32.Rbot.CBX A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Spyware autorun Win32.PerFiler Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
Worm hidden autorun Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file. Associated processes connect to the Internet to download additional components that may jeopardize system security.
Trojan C://windows/ Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user’s knowledge or consent.
Spyware C://windows/system32/ W97M/Spirocheta A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ W97M/Smac.B A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ W97M/Satan.A A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ W97M/Sandula-B A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ W97M/Renegade A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Forbot.h A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Forbot.gen A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Foobot A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.a A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.awe A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.wqa A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.aer A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.da A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.ssa A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.dfa A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.awq A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.eaf A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.aee A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.wqa A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.ba A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.ca A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.da A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.aoy A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.arr A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.ag A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.b A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.bwe A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.wqb A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.ber A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.db A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.ssb A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.dfb A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.abb A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.ebf A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.bbe A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.wqb A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.bb A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.cb A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.db A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.boy A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.brr A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.bg A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.bgr A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.brd A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.ccb A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.agt A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Spyware C://windows/system32/ Backdoor.Flyagent.art A dangerous generic spyware. It is designed to steal sensitive information from the victim machine.
Tracking Cookie Web browser ad.yieldmanager C:\Documents and Settings\Amankwah\Cookies\[email protected][2].txt
Tracking Cookie Web browser ad.zanox C:\Documents and Settings\Amankwah\Cookies\[email protected][1].txt
Tracking Cookie Web browser advancedcleaner C:\Documents and Settings\Amankwah\Cookies\amankwah@advancedcleaner[2].txt
Tracking Cookie Web browser alfaantivirus C:\Documents and Settings\Amankwah\Cookies\amankwah@alfaantivirus[2].txt
Tracking Cookie Web browser b2adz C:\Documents and Settings\Amankwah\Cookies\amankwah@b2adz[1].txt
Tracking Cookie Web browser gomyhit C:\Documents and Settings\Amankwah\Cookies\amankwah@gomyhit[2].txt
Tracking Cookie Web browser gomyhit C:\Documents and Settings\Amankwah\Cookies\amankwah@gomyhit[3].txt
Tracking Cookie Web browser hitmanpro C:\Documents and Settings\Amankwah\Cookies\amankwah@hitmanpro[1].txt
Tracking Cookie Web browser login.live C:\Documents and Settings\Amankwah\Cookies\[email protected][2].txt
Tracking Cookie Web browser protect.trustedantivirus C:\Documents and Settings\Amankwah\Cookies\[email protected][1].txt
Tracking Cookie Web browser protect.trustedantivirus C:\Documents and Settings\Amankwah\Cookies\[email protected][3].txt
Tracking Cookie Web browser rad.msn C:\Documents and Settings\Amankwah\Cookies\[email protected][2].txt
Tracking Cookie Web browser sale.trustedantivirus C:\Documents and Settings\Amankwah\Cookies\[email protected][1].txt
Tracking Cookie Web browser salf.alfaantivirus C:\Documents and Settings\Amankwah\Cookies\[email protected][1].txt
Tracking Cookie Web browser secure.advancedcleaner C:\Documents and Settings\Amankwah\Cookies\[email protected][1].txt
Tracking Cookie Web browser trustedantivirus C:\Documents and Settings\Amankwah\Cookies\amankwah@trustedantivirus[1].txt
Tracking Cookie Web browser www.antispywareoffensief C:\Documents and Settings\Amankwah\Cookies\[email protected][2].txt
Tracking Cookie Web browser www.hitmanpro C:\Documents and Settings\Amankwah\Cookies\[email protected][2].txt

Post de gevraagde logjes: C:\RVAXO-results.log en een nieuw logje van Hijackthis.

het lukt mij niet om de RVAXO results te krijgen. Ik kan het bestand niet open maken

Bestand openen met Wordpad of Word

Hijackthis lukt ook niet meer?

hier de hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 8:59:29, on 28-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Common Files\SecurePCCleaner\mc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VoipCheapCom\VoipCheapCom.exe
C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\XP Antivirus\xpantivirus.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Amankwah\Bureaublad\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hitmanpro.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1034
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: CRnPluginSite Object - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - C:\WINDOWS\system32\rnieplug.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SecurePCCleaner\mc.exe" dm=http://securepccleaner.com ad=http://securepccleaner.com sd=http://ilp.securepccleaner.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [VoipStunt] "C:\program files\voipstunt.com\voipstunt\voipstunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpantivirus.exe
O4 - Startup: AdSubtract.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?2daa262f84a544549f59daf32fcfd0f4
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?2daa262f84a544549f59daf32fcfd0f4
O9 - Extra button: ReadNotify - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - C:\WINDOWS\system32\rnieplug.dll
O9 - Extra 'Tools' menuitem: ReadNotify - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - C:\WINDOWS\system32\rnieplug.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1049_EN_XP.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

Probeer het volgende:
Start - Uitvoeren geef hier het volgende in:
start notepad C:\rvaxo-results.log
Druk op OK.
Als het logje opent post je de inhoud hier

hieronder de logje




Logfile of HijackThis v1.99.1
Scan saved at 8:59:29, on 28-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Common Files\SecurePCCleaner\mc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VoipCheapCom\VoipCheapCom.exe
C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\XP Antivirus\xpantivirus.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Amankwah\Bureaublad\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hitmanpro.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1034
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: CRnPluginSite Object - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - C:\WINDOWS\system32\rnieplug.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SecurePCCleaner\mc.exe" dm=http://securepccleaner.com ad=http://securepccleaner.com sd=http://ilp.securepccleaner.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [VoipStunt] "C:\program files\voipstunt.com\voipstunt\voipstunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpantivirus.exe
O4 - Startup: AdSubtract.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?2daa262f84a544549f59daf32fcfd0f4
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?2daa262f84a544549f59daf32fcfd0f4
O9 - Extra button: ReadNotify - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - C:\WINDOWS\system32\rnieplug.dll
O9 - Extra 'Tools' menuitem: ReadNotify - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - C:\WINDOWS\system32\rnieplug.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1049_EN_XP.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

Ik wist wel dat je het kon

Download Combofix naar je Bureaublad.
Dubbelklik op Combofix.exe
Kies voor "Continue" door 1 te typen gevolgd door ENTER.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

hieronder mijn combofix log. ik hoor graag van u


ComboFix 08-01-06.4 - Amankwah 2008-01-05 23:13:04.1 - NTFSx86
Gestart vanuit: C:\Documents and Settings\Amankwah\Bureaublad\ComboFix.exe
.
ADS - system32: deleted 12 bytes in 1 streams.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\Amankwah\Application Data\installer_en[1].exe
C:\Documents and Settings\Amankwah\Favorieten\Error Cleaner.url
C:\Documents and Settings\Amankwah\Favorieten\Privacy Protector.url
C:\Documents and Settings\Amankwah\Favorieten\Spyware&Malware Protection.url
C:\Documents and Settings\Amankwah\Mijn documenten\installer_en.exe
C:\Program Files\iMeshBar
C:\Program Files\iMeshBar\bar\History\search
C:\Program Files\myglobalsearch
C:\WINDOWS\alxvdvm.dll
C:\WINDOWS\Downloaded Program Files.\egauth.inf
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\fvkwdrt.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\bcgfoye.dat
C:\WINDOWS\system32\bcgfoye_nav.dat
C:\WINDOWS\system32\ppkosmyaf.dat
c:\windows\system32\ppkosmyaf.exe
c:\WINDOWS\system32\ppkosmyaf_nav.dat
C:\WINDOWS\tmlpcert2007

.
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
.

2008-01-05 23:11 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 22:41 . 2008-01-05 22:41 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-01-05 22:36 . 2008-01-05 22:36 <DIR> d-------- C:\Program Files\Webroot
2008-01-05 22:36 . 2008-01-05 22:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-05 22:36 . 2008-01-05 22:36 <DIR> d-------- C:\Documents and Settings\Amankwah\Application Data\Webroot
2008-01-05 22:36 . 2008-01-05 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-05 22:36 . 2006-08-03 19:33 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-05 22:36 . 2006-08-03 19:33 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-05 22:36 . 2006-08-03 19:33 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-12-27 22:36 . 2007-12-27 22:36 <DIR> d-------- C:\Documents and Settings\Amankwah\Application Data\SecurePCCleaner
2007-12-27 22:31 . 2007-12-28 09:27 <DIR> d-------- C:\Program Files\Common Files\SecurePCCleaner
2007-12-27 22:31 . 2007-12-27 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecurePCCleaner
2007-12-27 20:41 . 2007-12-27 20:41 <DIR> d-------- C:\Program Files\XP Antivirus
2007-12-27 18:00 . 2007-12-28 11:58 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-27 18:00 . 2007-12-27 18:00 <DIR> d-------- C:\Documents and Settings\Amankwah\Application Data\PC Tools
2007-12-27 18:00 . 2007-12-27 18:04 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-27 18:00 . 2007-12-27 18:04 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-27 18:00 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-27 18:00 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-27 17:53 . 2007-12-27 17:53 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-27 17:50 . 2007-12-28 09:32 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-27 15:50 . 2007-12-27 15:50 <DIR> d-------- C:\Program Files\SurfRight
2007-12-27 15:50 . 2007-12-27 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
2007-12-27 14:01 . 2007-12-27 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-27 10:08 . 2007-12-27 10:08 <DIR> d-------- C:\Program Files\MediaSupplyCodec
2007-12-18 11:48 . 2007-12-17 17:43 19,575 --------- C:\WINDOWS\hpoins01.dat.temp
2007-12-18 11:48 . 2003-04-22 10:24 16,606 --------- C:\WINDOWS\hpomdl01.dat.temp
2007-12-18 11:26 . 2007-12-18 11:26 <DIR> d-------- C:\Temp\FixEngine
2007-12-18 11:25 . 2007-12-18 11:25 <DIR> d-------- C:\Program Files\Hp
2007-12-17 17:39 . 2007-12-17 17:43 19,575 --------- C:\WINDOWS\hpoins01.dat
2007-12-17 17:39 . 2003-04-22 10:24 16,606 --------- C:\WINDOWS\hpomdl01.dat
2007-12-16 22:40 . 2007-02-08 20:00 1,079,808 -ra------ C:\WINDOWS\system32\mfc80u.dll
2007-12-16 22:40 . 2007-02-08 20:00 548,864 -ra------ C:\WINDOWS\system32\msvcp80.dll
2007-12-16 22:40 . 2007-02-08 20:00 95,744 -ra------ C:\WINDOWS\system32\atl80.dll
2007-12-16 22:37 . 2007-12-16 22:37 <DIR> d-------- C:\Program Files\OLYMPUS
2007-12-15 19:50 . 2003-11-14 10:19 1,044,480 -ra------ C:\WINDOWS\system32\Roboex32.dll
2007-12-15 19:50 . 2003-11-14 10:19 40,960 -ra------ C:\WINDOWS\system32\wh2robo.dll
2007-12-15 19:47 . 2007-12-15 19:50 <DIR> d-------- C:\Program Files\Watchtower

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-28 16:48 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-28 16:44 --------- d-----w C:\Documents and Settings\Amankwah\Application Data\Yahoo!
2007-12-28 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-28 11:02 --------- d-----w C:\Program Files\Hitman Pro
2007-12-28 10:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 09:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-27 17:06 --------- d-----w C:\Documents and Settings\Amankwah\Application Data\Lavasoft
2007-12-21 21:55 --------- d-----w C:\Program Files\Yahoo!
2007-12-21 21:54 --------- d-----w C:\Program Files\VoipBuster.com
2007-12-18 22:21 --------- d-----w C:\Program Files\Opera
2007-12-16 21:41 --------- d-----w C:\Program Files\QuickTime
2007-12-16 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-15 18:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-02 06:39 --------- d-----w C:\Program Files\VoipCheapCom
2007-12-01 22:49 --------- d-----w C:\Program Files\Sony
2007-12-01 22:39 --------- d-----w C:\Program Files\Sony Setup
2007-12-01 22:39 --------- d-----w C:\Documents and Settings\Amankwah\Application Data\Sony Setup
2007-12-01 22:31 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-12-01 22:29 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-12-01 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2007-12-01 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-12-01 22:28 --------- d-----w C:\Program Files\Sony Ericsson
2007-11-21 12:28 --------- d-----w C:\Documents and Settings\Amankwah\Application Data\VoipDiscount
2007-11-15 17:32 --------- d-----w C:\Program Files\Winamp
2007-11-13 15:30 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2005-11-11 23:13 4,340 ----a-w C:\Program Files\Warez P2P ClientIPGUARD.LOG
2005-08-30 18:27 16,252,590 ----a-w C:\Program Files\setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"VoipBuster"="C:\program files\voipbuster.com\voipbuster\voipbuster.exe" [ ]
"VoipCheapCom"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe" [2007-07-10 22:20 7202360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"VoipDiscount"="C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe" [2006-12-22 13:19 7558720]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [ ]
"VoipStunt"="C:\program files\voipstunt.com\voipstunt\voipstunt.exe" [ ]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 20:43 95800]
"XP Antivirus"="C:\Program Files\XP Antivirus\xpantivirus.exe" [2007-12-27 20:41 493056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.exe" [2002-01-28 13:48 885760]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 21:31 36975]
"M1000Mnt"="M1000Rmv.exe"
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]
"VTTimer"="VTTimer.exe" [2005-03-07 20:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-10-31 21:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 07:07 90112 C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-12 17:48 155648]
"RegistryMechanic"=""
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-20 21:33 185896]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
"ppkosmyaf"="c:\windows\system32\ppkosmyaf.exe" [ ]
"Salestart"="C:\Program Files\Common Files\SecurePCCleaner\mc.exe" [ ]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-08-03 19:56 3871744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2Search]
C:\Program Files\2search\main.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMprocess]
C:\Program Files\IM Names\IM-svr.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetCalls]
C:\program files\internetcalls.com\internetcalls\internetcalls.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]
--a------ 2007-07-10 22:20 7202360 C:\program files\voipcheapcom\voipcheapcom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
--a------ 2006-12-22 13:19 7558720 C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
C:\program files\voipstunt.com\voipstunt\voipstunt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69586a90-35c5-11db-8369-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - PROCEXP90
.
Inhoud van de 'Gedeelde Taken' map
"2008-01-05 22:00:00 C:\WINDOWS\Tasks\ADE9FA0B91866D53.job"
- c:\progra~1\infomp~1\boobcdromflap.exe
"2008-01-05 22:00:00 C:\WINDOWS\Tasks\AE33ECB091849D9C.job"
- c:\docume~1\joseph~1\applic~1\infomp~1\boobcdromflap.exe
"2008-01-05 22:00:00 C:\WINDOWS\Tasks\AF5BE5D591849E69.job"
- c:\docume~1\amankwah\applic~1\infomp~1\boobcdromflap.exe
"2008-01-05 22:00:01 C:\WINDOWS\Tasks\BCD1AAF490BA5130.job"
- c:\docume~1\o0josi~1\applic~1\infomp~1\boobcdromflap.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 23:22:21
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-06 23:23:39
ComboFix-quarantined-files.txt 2008-01-06 22:23:08
.
2007-12-29 08:48:26 --- E O F ---

graag wil ik de malafide spyware XP antivirus 2008 op mijn pc verwijderen. help aub

Download de bijlage: CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord.
Post ook een nieuw logje van Hijackthis en vertel of je nog problemen ondervindt