
hijackthis log

  • hijackthis log

    Hello,
    Could someone take a look at this log?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:20:30, on 6-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\WScript.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\msnmsgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\iPrint.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Mio Technology\MioSync\mioSync.exe
    C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [MSN Plus] C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\msnmsgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [iPrint Tray] C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\iPrint.exe
    O4 - HKLM\..\Run: [Windows Service] C:\Documents and Settings\Eigenaar\icqpiw.exe
    O4 - HKLM\..\Run: [wTask] C:\WINDOWS\Media\LTaskup.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
    O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKLM\..\Policies\Explorer\Run: [JANVANDYCK] .vbe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.scarlet.be/
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova_old/pano/prog/rundum.7.0.2.0.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kimmekevandyckkimpie.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137254980640
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://kimmekevandyck.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.com/clients/uploader_v2.1.0.53.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Eigenaar/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
    O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Eigenaar/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

    --
    End of file - 11047 bytes

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A small cmd window will open; a few lines about files not found will scroll past quickly, this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • Your PC will then restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner responds with a message about script execution, you may ignore it.



    • #3
      Hello,
      Thanks for taking a look. I am also adding another HijackThis log; in the meantime I made some changes before I had read your reply.
      Could you also look at the following: every time the PC is restarted I get 1-digital-media.com as my start page, very annoying.
      Regards, and talk to you later.

      End of file - 11732 bytes
      ---RVAXO.exe Updated: 2008-01-15---first run---
      Files found:
      C:\WINDOWS\system32\cpmrot-uninst.exe

      Uninstallers Rogue scanners:


      Folders Found:

      C:\Program Files\WinUpdater
      C:\Program Files\laughnetwork

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------

      ComboFix 08-01-16.1 - Eigenaar 2008-01-16 23:31:58.2 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.94 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))
      .

      2008-01-16 23:22 . 2008-01-16 23:22 <DIR> d-------- C:\RVAXO
      2008-01-16 23:20 . 2008-01-15 17:37 608,278 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-01-16 23:20 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-01-16 22:35 . 2008-01-16 22:37 <DIR> d-------- C:\Program Files\Windows Live Safety Center
      2008-01-16 19:59 . 2008-01-16 19:59 <DIR> d-------- C:\Program Files\Alwil Software
      2008-01-16 19:59 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
      2008-01-16 19:59 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
      2008-01-16 19:59 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
      2008-01-16 19:59 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
      2008-01-16 19:59 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
      2008-01-16 19:59 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
      2008-01-16 19:59 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
      2008-01-14 20:55 . 2008-01-14 20:55 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SurfRight
      2008-01-14 17:27 . 2008-01-14 17:27 <DIR> d-------- C:\Program Files\Alternative Software Ltd
      2008-01-14 17:25 . 2008-01-14 17:25 <DIR> dr-h----- C:\Documents and Settings\Eigenaar\Application Data\SecuROM
      2008-01-14 17:25 . 2008-01-14 17:25 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
      2008-01-14 14:15 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
      2008-01-14 14:15 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
      2008-01-14 14:15 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
      2008-01-14 14:15 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
      2008-01-14 01:34 . 2008-01-14 14:12 164 --a------ C:\install.dat
      2008-01-14 01:32 . 2008-01-14 01:31 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
      2008-01-14 01:32 . 2008-01-14 01:31 298,104 --a------ C:\WINDOWS\system32\imon.dll
      2008-01-14 01:32 . 2008-01-14 01:31 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
      2008-01-14 01:30 . 2008-01-14 01:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
      2008-01-14 01:27 . 2008-01-14 01:27 <DIR> d-------- C:\Program Files\SurfRight
      2008-01-14 01:27 . 2008-01-14 01:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
      2008-01-14 01:16 . 2008-01-16 23:10 <DIR> d-------- C:\Program Files\Hitman Pro
      2008-01-11 20:53 . 2008-01-11 20:53 <DIR> d-------- C:\Program Files\Microsoft Silverlight
      2008-01-08 22:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-07 21:15 . 2008-01-14 13:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
      2008-01-04 17:09 . 2008-01-04 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
      2008-01-04 17:05 . 2008-01-07 22:33 <DIR> d-------- C:\Program Files\PCPitstop
      2008-01-02 21:38 . 2008-01-02 21:38 <DIR> d-------- C:\Program Files\Trend Micro
      2008-01-01 15:01 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2007-12-30 18:32 . 2007-12-30 18:32 <DIR> d-------- C:\My Pictures
      2007-12-30 18:32 . 2007-12-30 18:32 <DIR> d-------- C:\My Blog
      2007-12-30 12:12 . 2008-01-03 17:56 <DIR> d-------- C:\Program Files\Mio Technology
      2007-12-24 11:27 . 2007-12-24 11:27 386 --a------ C:\Documents and Settings\Eigenaar\xiklhj.exe

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-16 22:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-01-16 22:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-16 19:34 --------- d-----w C:\Program Files\PlayMP3z
      2008-01-15 16:48 --------- d-----w C:\Program Files\Windows Media Connect 2
      2008-01-15 04:33 --------- d-----w C:\Program Files\Spyware Doctor
      2008-01-14 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-01-14 13:15 --------- d-----w C:\Program Files\Google
      2008-01-14 13:15 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\PC Tools
      2008-01-14 11:26 --------- d-----w C:\Program Files\EA GAMES
      2008-01-10 20:56 --------- d-----w C:\Program Files\Windows Live
      2008-01-10 20:54 --------- d-----w C:\Program Files\SUPERAntiSpyware
      2008-01-10 20:54 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\SUPERAntiSpyware.com
      2008-01-02 19:13 --------- d-----w C:\Program Files\Star Defender 4
      2008-01-02 19:12 --------- d-----w C:\Program Files\Microsoft Works
      2007-12-26 18:23 --------- d-----w C:\Program Files\RegistryFix
      2007-12-08 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
      2007-12-08 11:54 --------- d-----w C:\Program Files\MioTransfer
      2007-12-07 15:50 --------- d-----w C:\Program Files\Virtools Web Player 2.5
      2007-12-02 11:57 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Participatory Culture Foundation
      2007-11-28 12:58 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
      2007-11-28 12:54 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
      2007-11-28 12:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2007-10-27 20:09 50,704 -c--a-w C:\Documents and Settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT
      2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
      2007-09-11 11:24 189 ---ha-w C:\Documents and Settings\Eigenaar\Application Data\hpothb07.dat
      2007-09-07 18:52 0 ---ha-w C:\Program Files\hpothb07.tif
      2007-09-07 18:52 0 ---ha-w C:\Program Files\hpothb07.dat
      2007-09-07 17:44 169 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
      2007-09-07 17:44 167 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat
      2007-08-16 15:26 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
      2007-08-16 15:22 185 ---ha-w C:\Documents and Settings\All Users\Application Data\hpothb07.dat
      2007-08-16 15:22 164 -c-ha-w C:\Documents and Settings\All Users\hpothb07.dat
      2007-06-26 11:45 47,360 ----a-w C:\Documents and Settings\Eigenaar\Application Data\pcouffin.sys
      2007-01-01 22:25 49 ----a-w C:\Documents and Settings\Eigenaar\Application Data\internaldb41.dat
      2007-01-01 22:25 337 ----a-w C:\Documents and Settings\Eigenaar\Application Data\internaldb1942.dat
      2006-12-31 18:09 9,216 ----a-w C:\Documents and Settings\Eigenaar\Application Data\internaldb8467.dat
      2006-12-31 18:09 20,480 ----a-w C:\Documents and Settings\Eigenaar\Application Data\internaldb4827.dat
      2006-12-31 18:09 0 ----a-w C:\Documents and Settings\Eigenaar\Application Data\internaldb6334.dat
      2006-12-31 18:09 0 ----a-w C:\Documents and Settings\Eigenaar\Application Data\internaldb5436.dat
      2006-10-06 23:13 7,168 --sha-w C:\Program Files\Common Files\Thumbs.db
      2005-12-02 20:02 491 ---ha-w C:\Documents and Settings\Eigenaar\hpothb07.dat
      .

      ((((((((((((((((((((((((((((( [email protected]_22.41.01.53 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2005-02-24 18:35:58 15,584 -c--a-w C:\WINDOWS\$hf_mig$\KB890046\spmsg.dll
      + 2005-02-24 19:35:58 15,584 -c--a-w C:\WINDOWS\$hf_mig$\KB890046\spmsg.dll
      - 2005-02-24 18:35:58 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB890046\spuninst.exe
      + 2005-02-24 19:35:58 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB890046\spuninst.exe
      - 2005-02-24 18:35:58 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB890046\update\spcustom.dll
      + 2005-02-24 19:35:58 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB890046\update\spcustom.dll
      - 2005-02-24 18:35:58 727,776 -c--a-w C:\WINDOWS\$hf_mig$\KB890046\update\update.exe
      + 2005-02-24 19:35:58 727,776 -c--a-w C:\WINDOWS\$hf_mig$\KB890046\update\update.exe
      - 2005-02-24 18:36:00 390,368 -c--a-w C:\WINDOWS\$hf_mig$\KB890046\update\updspapi.dll
      + 2005-02-24 19:36:00 390,368 -c--a-w C:\WINDOWS\$hf_mig$\KB890046\update\updspapi.dll
      + 2007-10-15 09:02:14 465,472 ----a-w C:\WINDOWS\Downloaded Program Files\wlscBase.dll
      - 2008-01-08 21:28:13 675,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
      + 2008-01-16 22:31:17 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
      - 2008-01-08 21:28:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
      + 2008-01-16 22:31:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
      - 2008-01-08 21:28:13 675,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
      + 2008-01-16 22:31:17 7,254,016 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
      - 2008-01-08 21:28:14 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
      + 2008-01-16 22:31:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
      - 2008-01-08 21:28:14 7,204,864 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
      + 2008-01-16 22:31:18 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
      - 2008-01-08 21:28:14 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
      + 2008-01-16 22:31:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
      - 2004-08-11 19:30:14 192,512 ----a-w C:\WINDOWS\inf\unregmp2.exe
      + 2007-06-27 14:57:10 317,952 ----a-w C:\WINDOWS\inf\unregmp2.exe
      - 2002-12-11 13:16:58 7,680 ----a-w C:\WINDOWS\system32\asferror.dll
      + 2006-10-18 20:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
      - 2004-08-11 19:30:12 482,304 ----a-w C:\WINDOWS\system32\audiodev.dll
      + 2006-10-18 20:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
      - 2004-08-10 23:36:48 233,472 ----a-w C:\WINDOWS\system32\blackbox.dll
      + 2006-10-18 20:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
      - 2004-08-10 22:45:16 161,792 ----a-w C:\WINDOWS\system32\cewmdm.dll
      + 2006-10-18 20:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
      - 2002-12-11 13:16:58 7,680 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
      + 2006-10-18 20:47:08 7,168 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
      - 2004-08-10 23:36:48 233,472 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
      + 2006-10-18 20:47:10 542,720 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
      - 2004-08-10 22:45:16 161,792 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
      + 2006-10-18 20:47:10 229,376 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
      - 2004-08-10 23:36:58 527,360 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
      + 2006-10-18 20:47:10 991,744 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
      - 2004-08-10 20:07:06 6,656 ----a-w C:\WINDOWS\system32\dllcache\laprxy.dll
      + 2006-10-18 20:47:14 11,264 -c--a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
      - 2004-08-10 19:46:46 96,768 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
      + 2006-10-18 19:03:58 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
      - 2004-08-03 23:03:14 384,512 ----a-w C:\WINDOWS\system32\dllcache\mp4sdmod.dll
      + 2006-10-18 20:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP4SDMOD.dll
      - 2004-08-03 23:03:14 240,640 ----a-w C:\WINDOWS\system32\dllcache\mpg4dmod.dll
      + 2006-10-18 20:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MPG4DMOD.dll
      - 2004-08-11 19:30:12 344,064 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
      + 2006-10-18 20:47:14 243,712 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
      - 2004-08-10 23:36:42 141,312 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
      + 2006-10-18 20:47:16 179,712 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
      - 2004-08-10 22:45:16 25,088 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
      + 2006-10-18 20:47:16 27,136 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
      - 2004-08-10 22:45:16 169,472 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
      + 2006-10-18 20:47:16 175,616 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
      - 2004-08-10 23:38:46 360,176 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
      + 2006-12-04 15:21:50 414,720 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
      - 2004-08-11 19:30:12 311,808 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
      + 2006-10-18 20:47:16 321,536 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
      - 2004-08-10 22:45:18 221,184 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
      + 2006-10-18 20:47:18 211,456 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
      - 2004-09-13 11:16:08 823,296 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
      + 2006-11-01 17:31:38 1,669,120 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
      - 2004-08-11 19:30:14 192,512 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
      + 2007-06-27 14:57:10 317,952 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
      - 2004-08-10 23:38:48 380,144 ----a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
      + 2006-10-18 20:47:18 757,248 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
      - 2004-08-10 22:45:16 712,704 ----a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
      + 2006-10-18 20:47:18 1,117,696 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
      - 2007-10-20 05:01:32 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
      + 2007-10-25 08:28:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
      - 2004-08-10 22:45:16 30,208 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
      + 2006-10-18 20:47:18 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
      - 2004-08-10 22:45:16 34,304 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
      + 2006-10-18 20:47:18 37,376 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
      - 2004-08-11 19:30:24 209,920 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
      + 2006-10-18 20:47:20 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
      - 2004-08-10 20:07:06 150,016 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
      + 2006-10-18 20:47:20 157,184 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
      - 2004-08-10 22:41:04 1,027,072 ----a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
      + 2006-10-18 20:47:20 937,984 -c--a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
      - 2007-04-30 06:20:24 5,537,792 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
      + 2007-06-11 22:51:12 10,834,944 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
      - 2004-08-10 22:45:16 135,168 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
      + 2006-10-18 20:47:20 242,688 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
      - 2004-08-11 19:30:14 77,824 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
      + 2006-10-18 20:47:20 96,256 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
      - 2004-08-10 22:45:16 282,624 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
      + 2006-10-18 20:47:20 314,880 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
      - 2004-08-11 19:30:14 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
      + 2006-10-18 20:46:20 64,000 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
      - 2004-08-11 19:30:14 3,403,776 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll
      + 2006-10-18 20:47:20 8,231,936 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
      - 2004-08-11 19:30:16 86,016 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
      + 2006-10-18 20:47:20 99,840 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
      - 2004-08-10 23:39:00 773,368 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
      + 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
      - 2004-08-10 22:45:14 1,116,160 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
      + 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
      - 2004-08-10 23:38:52 531,192 ----a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
      + 2006-10-18 20:47:22 603,648 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
      - 2004-08-10 22:45:14 936,960 ----a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
      + 2006-10-18 20:47:22 1,329,152 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
      - 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
      + 2006-10-18 20:47:22 2,450,944 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
      - 2004-08-10 23:38:56 871,160 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
      + 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
      - 2004-08-10 22:45:14 999,424 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
      + 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
      + 2007-09-19 12:06:14 16,344 --s-a-w C:\WINDOWS\system32\drivers\ctredrv.sys
      + 2006-10-18 20:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
      - 2004-08-10 20:05:50 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
      + 2006-10-18 19:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
      + 2006-10-18 19:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
      - 2004-08-10 23:36:58 527,360 ----a-w C:\WINDOWS\system32\drmv2clt.dll
      + 2006-10-18 20:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
      - 2004-08-10 20:07:06 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
      + 2006-10-18 20:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
      - 2004-08-10 19:46:46 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
      + 2006-10-18 19:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
      + 2006-10-18 20:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
      + 2006-10-18 20:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
      - 2004-08-03 23:03:14 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
      + 2006-10-18 20:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
      + 2006-10-18 20:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
      - 2004-08-03 23:03:14 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
      + 2006-10-18 20:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
      + 2006-10-18 20:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
      - 2004-08-03 23:03:14 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
      + 2006-10-18 20:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
      - 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
      + 2008-01-02 09:21:38 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
      - 2004-08-10 23:36:42 141,312 ----a-w C:\WINDOWS\system32\msnetobj.dll
      + 2006-10-18 20:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
      - 2004-08-10 22:45:16 25,088 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
      + 2006-10-18 20:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
      - 2004-08-10 22:45:16 169,472 ----a-w C:\WINDOWS\system32\mspmsp.dll
      + 2006-10-18 20:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
      - 2004-08-10 23:38:46 360,176 ----a-w C:\WINDOWS\system32\msscp.dll
      + 2006-12-04 15:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
      - 2004-08-11 19:30:12 311,808 ----a-w C:\WINDOWS\system32\mswmdm.dll
      + 2006-10-18 20:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
      - 2007-11-21 12:14:19 63,016 ----a-w C:\WINDOWS\system32\perfc009.dat
      + 2008-01-14 13:16:53 63,016 ----a-w C:\WINDOWS\system32\perfc009.dat
      - 2007-11-21 12:14:19 82,078 ----a-w C:\WINDOWS\system32\perfc013.dat
      + 2008-01-14 13:16:53 82,078 ----a-w C:\WINDOWS\system32\perfc013.dat
      - 2007-11-21 12:14:19 402,406 ----a-w C:\WINDOWS\system32\perfh009.dat
      + 2008-01-14 13:16:53 402,406 ----a-w C:\WINDOWS\system32\perfh009.dat
      - 2007-11-21 12:14:19 467,130 ----a-w C:\WINDOWS\system32\perfh013.dat
      + 2008-01-14 13:16:53 467,130 ----a-w C:\WINDOWS\system32\perfh013.dat
      + 2006-10-18 20:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
      + 2006-10-18 20:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
      + 2006-10-18 20:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
      + 2006-10-18 20:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
      + 2006-10-18 20:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
      - 2004-08-10 22:45:18 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
      + 2006-10-18 20:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
      + 2007-04-13 09:25:52 351,599 ----a-w C:\WINDOWS\system32\Spider-man Super Hero Kit.scr
      - 2006-10-16 15:10:58 14,640 ------w C:\WINDOWS\system32\spmsg.dll
      + 2006-09-25 16:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
      - 2004-08-10 20:05:20 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
      + 2006-10-18 20:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
      - 2000-08-31 07:00:00 49,152 ----a-w C:\WINDOWS\system32\VFind.exe
      + 2008-01-03 18:47:58 49,152 ----a-w C:\WINDOWS\system32\VFind.exe
      - 2004-08-10 20:05:12 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
      + 2006-10-18 20:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
      - 2004-08-10 20:05:14 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
      + 2006-10-18 20:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
      - 2004-08-10 23:38:48 380,144 ----a-w C:\WINDOWS\system32\wmadmod.dll
      + 2006-10-18 20:47:18 757,248 ----a-w C:\WINDOWS\system32\wmadmod.dll
      - 2004-08-10 22:45:16 712,704 ----a-w C:\WINDOWS\system32\wmadmoe.dll
      + 2006-10-18 20:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
      - 2007-10-20 05:01:32 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
      + 2007-10-25 08:28:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
      - 2004-08-10 22:45:16 30,208 ----a-w C:\WINDOWS\system32\wmdmlog.dll
      + 2006-10-18 20:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
      - 2004-08-10 22:45:16 34,304 ----a-w C:\WINDOWS\system32\wmdmps.dll
      + 2006-10-18 20:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
      - 2004-08-10 23:37:04 344,064 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
      + 2006-10-18 20:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
      - 2004-08-10 23:37:06 290,816 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
      + 2006-10-18 20:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
      + 2006-10-18 20:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
      - 2004-08-11 19:30:24 209,920 ----a-w C:\WINDOWS\system32\wmerror.dll
      + 2006-10-18 20:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
      - 2004-08-10 20:07:06 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
      + 2006-10-18 20:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
      - 2004-08-10 22:41:04 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
      + 2006-10-18 20:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
      - 2007-04-30 06:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
      + 2007-06-11 22:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
      - 2004-08-10 22:45:16 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll
      + 2006-10-18 20:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
      - 2004-08-10 22:45:16 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll
      + 2006-10-18 20:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
      + 2006-10-18 20:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
      - 2004-08-10 22:45:14 1,589,760 ----a-w C:\WINDOWS\system32\wmpencen.dll
      + 2006-10-18 20:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
      - 2004-08-11 19:30:14 3,403,776 ----a-w C:\WINDOWS\system32\wmploc.dll
      + 2006-10-18 20:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
      + 2006-10-18 20:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
      + 2006-10-18 20:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
      - 2004-08-11 19:30:16 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
      + 2006-10-18 20:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
      - 2004-08-10 22:45:14 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
      + 2006-10-18 20:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
      - 2004-08-10 23:39:00 773,368 ----a-w C:\WINDOWS\system32\wmsdmod.dll
      + 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
      - 2004-08-10 22:45:14 1,116,160 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
      + 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
      - 2004-08-10 23:38:52 531,192 ----a-w C:\WINDOWS\system32\wmspdmod.dll
      + 2006-10-18 20:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
      - 2004-08-10 22:45:14 936,960 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
      + 2006-10-18 20:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
      - 2004-08-10 23:38:52 1,181,944 ----a-w C:\WINDOWS\system32\wmvadvd.dll
      + 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
      - 2004-08-10 22:45:18 1,509,376 ----a-w C:\WINDOWS\system32\wmvadve.dll
      + 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
      - 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
      + 2006-10-18 20:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
      + 2006-10-18 20:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
      - 2004-08-10 23:38:56 871,160 ----a-w C:\WINDOWS\system32\wmvdmod.dll
      + 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
      - 2004-08-10 22:45:14 999,424 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
      + 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
      + 2006-10-18 20:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
      + 2006-10-18 20:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
      + 2006-10-18 20:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
      + 2006-10-18 20:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
      - 2004-08-10 20:05:56 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
      + 2006-10-18 20:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
      - 2004-08-10 20:05:44 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
      + 2006-10-18 20:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
      - 2004-08-10 20:05:46 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
      + 2006-10-18 20:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
      - 2004-08-10 20:05:46 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
      + 2006-10-18 20:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
      + 2006-10-18 20:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
      + 2006-10-18 19:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
      + 2006-11-02 10:52:46 42,496 ------w C:\WINDOWS\system32\wpdshextres.dll
      + 2006-10-18 20:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
      - 2004-08-10 20:05:54 327,680 ----a-w C:\WINDOWS\system32\wpdsp.dll
      + 2006-10-18 20:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
      + 2008-01-16 22:22:16 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_678.dat
      .
      -- Snapshot reset to current date --
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-16 17:25 68856]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-01 18:00 32881]
      "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
      "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50 221184]
      "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 00:03 144384]
      "Camera Detector"="C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe" [2003-06-17 13:43 208896]
      "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
      "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
      "CaretakerNotifier"="C:\Program Files\SurfRight\Caretaker\Notifier.exe" [2008-01-10 19:48 492792]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      hp psc 1000 series.lnk - C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe [2004-12-02 16:03:44]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
      MioSync.lnk - C:\Program Files\Mio Technology\MioSync\mioSync.exe [2007-12-30 12:13:06]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
      --a------ 2006-08-07 09:02 476672 C:\Program Files\SPAMfighter\SFAgent.exe

      R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-07-29 23:13]
      R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-07-29 23:13]
      R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-07-29 23:13]
      R1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys [2007-09-19 13:06]
      R2 CaretakerAntispam;Caretaker Antispam Service;"C:\Program Files\SurfRight\Caretaker\AntispamService.exe" [2008-01-10 19:48]
      R2 CaretakerProxy;Caretaker Proxy;"C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe" [2008-01-10 19:47]
      R2 CaretakerSvc;Caretaker Service;"C:\Program Files\SurfRight\Caretaker\CaretakerService.exe" [2008-01-10 19:47]
      R2 CaretakerUpdate;Caretaker Updater;"C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe" [2008-01-10 19:48]
      S3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 18:14]
      S3 EIC2400;EICON DIVA 2400 Series Virtual LAN Adapter for USB driver;C:\WINDOWS\system32\DRIVERS\EIC2400.sys [2000-05-25 10:37]
      S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);C:\WINDOWS\system32\Drivers\grmn0200.sys [2007-01-05 14:51]
      S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;C:\WINDOWS\system32\Drivers\grmn1200.sys [2007-01-05 14:51]
      S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 16:57]
      S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 16:58]
      S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 16:59]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0948f396-b7b0-11dc-972c-00112f5b5069}]
      \Shell\AutoRun\command - wscript.exe .\.vbs
      \Shell\open\command - wscript.exe .\.vbs

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a63be269-b972-11dc-9731-00112f5b5069}]
      \Shell\AutoRun\command - wscript.exe .\.vbs
      \Shell\open\command - wscript.exe .\.vbs

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-01-15 06:49:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2005-03-22 22:36:27 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1102009042.job"
      - C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe4-I
      "2007-06-23 07:59:03 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
      - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
      "2008-01-15 02:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
      - C:\Program Files\RegistrySmart\RegistrySmart.ex
      - C:\Program Files\RegistrySmart
      "2006-08-27 13:41:39 C:\WINDOWS\Tasks\WTR.job"
      - C:\Program Files\BulletProofSoft.com\WinTrace Remover\wtr
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-16 23:42:02
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-01-16 23:44:49
      ComboFix-quarantined-files.txt 2008-01-16 22:44:36
      ComboFix2.txt 2008-01-09 21:41:17
      .
      2008-01-16 17:52:03 --- E O F ---



      • #4
        I'm also sending you another HijackThis log, because a few things have changed since the previous one.
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 0:10:58, on 17-1-2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16574)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\SurfRight\Caretaker\AntispamService.exe
        C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
        C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\System32\SCardSvr.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\Program Files\Eset\nod32krn.exe
        C:\WINDOWS\System32\HPZipm12.exe
        C:\Program Files\Spyware Doctor\pctsAuxs.exe
        C:\Program Files\Spyware Doctor\pctsSvc.exe
        C:\WINDOWS\system32\notepad.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\System32\alg.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
        C:\windows\system\hpsysdrv.exe
        C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
        C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
        C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Spyware Doctor\pctsTray.exe
        C:\Program Files\SurfRight\Caretaker\Notifier.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
        C:\Program Files\Mio Technology\MioSync\mioSync.exe
        C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
        C:\WINDOWS\System32\wbem\wmiprvse.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://1-digital-media.com
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
        O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
        O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
        O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
        O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
        O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
        O4 - Global Startup: hp psc 1000 series.lnk = ?
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O14 - IERESET.INF: START_PAGE_URL=http://www.scarlet.be/
        O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
        O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
        O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
        O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
        O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova_old/pano/prog/rundum.7.0.2.0.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kimmekevandyckkimpie.spaces.live.com//PhotoUpload/MsnPUpld.cab
        O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
        O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
        O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
        O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137254980640
        O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
        O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://kimmekevandyck.spaces.live.com/PhotoUpload/MsnPUpld.cab
        O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
        O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
        O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
        O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.com/clients/uploader_v2.1.0.53.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
        O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
        O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5201/mcfscan.cab
        O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
        O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
        O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
        O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe
        O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
        O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
        O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
        O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
        O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
        O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

        --
        End of file - 11698 bytes



        • #5
          Could you completely uninstall Hitman Pro (including all trial components: NOD32, Spyware Doctor, etc.)?
          It is getting in the way more than it is doing you any good.

          Run HijackThis once more and tick only the following line:
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://1-digital-media.com
          Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

          Open HijackThis and click 'config' (bottom right).
          Choose the 'misc Tools' tab at the top.
          Choose 'delete a file on reboot'.
          Copy and paste the following line into the field:

          C:\Documents and Settings\Eigenaar\xiklhj.exe

          Click Open.
          HijackThis will tell you that this file will be deleted on the next reboot and ask whether you want to reboot now.
          Click Yes/OK.

          Your PC will now reboot.

          After the restart, post a new HijackThis log and tell us how things are going now.



          • #6
            Hello,
            I think I have removed everything from Hitman Pro?
            I also carried out the other steps; my homepage is at least no longer 1-digital-media, very good.
            Here is my new log:

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 21:41:31, on 17-1-2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16574)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            C:\Program Files\Alwil Software\Avast4\ashServ.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
            C:\windows\system\hpsysdrv.exe
            C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
            C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
            C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
            C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
            C:\Program Files\QuickTime\qttask.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
            C:\Program Files\Mio Technology\MioSync\mioSync.exe
            C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
            C:\WINDOWS\System32\HPZipm12.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
            C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
            C:\Program Files\iPod\bin\iPodService.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
            O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
            O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
            O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
            O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
            O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
            O4 - Global Startup: hp psc 1000 series.lnk = ?
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
            O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
            O14 - IERESET.INF: START_PAGE_URL=http://www.scarlet.be/
            O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
            O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
            O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
            O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
            O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
            O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova_old/pano/prog/rundum.7.0.2.0.cab
            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kimmekevandyckkimpie.spaces.live.com//PhotoUpload/MsnPUpld.cab
            O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
            O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
            O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
            O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137254980640
            O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
            O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://kimmekevandyck.spaces.live.com/PhotoUpload/MsnPUpld.cab
            O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
            O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
            O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
            O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
            O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.com/clients/uploader_v2.1.0.53.cab
            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
            O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
            O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
            O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5201/mcfscan.cab
            O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
            O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
            O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
            O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
            O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
            O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
            O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
            O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

            --
            End of file - 9292 bytes



            • #7
              Open the RVAXO folder on your desktop and double-click Uninstall.cmd
              This will remove everything belonging to RVAXO.

              Your Java software is outdated. Older versions have vulnerabilities that give malware the chance to install itself on your system.
              First follow these steps to uninstall Java and install the newer version:
              • Download Java Runtime Environment (JRE) 6u4.
              • Scroll down to: "Java Runtime Environment (JRE) 6u4".
              • Click the "Download" button on the right-hand side.
              • In the drop-down menu to the right of Platform, select Windows
              • Tick: "I agree to the Java SE Runtime Environment 6 License Agreement", and click Continue.
              • The page will reload.
              • Click the jre-6u4-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
              • Close all programs that may be open - especially your web browser!
              • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
              • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
              • Then click Remove or the Change/Remove button.
              • Repeat this until all older versions are gone.
              • After removing all older versions, restart your PC.
              • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the newest version of Java.


              Download ATF cleaner (mirror) (made by Atribune)

              Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

              Double-click ATF cleaner to start the program.
              On the "Main" tab, tick Select All.
              Click the Empty Selected button.

              Do the following if you also use Firefox as a browser:
              Click the "Firefox" tab and tick Select All.
              If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
              (this removes the tick next to "Firefox saved passwords" again)
              Click the Empty Selected button.

              Do the following if you also use Opera as a browser:
              Click the "Opera" tab and tick Select All.
              If you want to keep the passwords saved by Opera, click "No" in the window that appears.
              Click the Empty Selected button.
              Go to the "Main" tab and click the Exit button to close the program.

              Go to Start - Run and enter the following:
              Combofix /U
              Then press OK.
              Note: There must be a space between Combofix and /U.

              This will uninstall Combofix.

              Turn off System Restore. Restart the computer. Turn System Restore back on.
              See here how to turn off System Restore.
              This removes any remnants of the infections from your System Restore.

              Finally, post a new HijackThis log so it can be checked.



              • #8
                Hello,
                I carried out everything as you asked.
                Here is my new log:

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 17:39:55, on 18-1-2008
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                C:\Program Files\Alwil Software\Avast4\ashServ.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\system32\spoolsv.exe
                C:\windows\system\hpsysdrv.exe
                C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
                C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
                C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
                C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                C:\Program Files\QuickTime\qttask.exe
                C:\Program Files\iTunes\iTunesHelper.exe
                C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                C:\WINDOWS\System32\HPZipm12.exe
                C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Mio Technology\MioSync\mioSync.exe
                C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
                C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\iPod\bin\iPodService.exe
                C:\WINDOWS\system32\wuauclt.exe
                C:\Program Files\internet explorer\iexplore.exe
                C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
                O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
                O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
                O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
                O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
                O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
                O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
                O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
                O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                O4 - Global Startup: hp psc 1000 series.lnk = ?
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
                O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                O14 - IERESET.INF: START_PAGE_URL=http://www.scarlet.be/
                O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
                O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
                O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
                O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
                O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova_old/pano/prog/rundum.7.0.2.0.cab
                O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kimmekevandyckkimpie.spaces.live.com//PhotoUpload/MsnPUpld.cab
                O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
                O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
                O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137254980640
                O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
                O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://kimmekevandyck.spaces.live.com/PhotoUpload/MsnPUpld.cab
                O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
                O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
                O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
                O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
                O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.com/clients/uploader_v2.1.0.53.cab
                O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
                O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
                O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5201/mcfscan.cab
                O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
                O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
                O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
                O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

                --
                End of file - 9493 bytes



                • #9
                  Looks fine again.
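
The final check in this thread, comparing the log of 18-1-2008 with the one of 17-1-2008, can also be scripted. The following is an added example and not part of the thread: the function names are hypothetical, and the two sample logs are short excerpts of lines copied from the logs posted above.

```python
import re

# A HijackThis entry is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [x] path".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Version directory of any path under a "Java" folder (process list included).
JAVA_DIR_RE = re.compile(r"\\Java\\([^\\]+)\\", re.IGNORECASE)

# Excerpt of the log saved on 17-1-2008 (lines copied from the thread).
LOG_17_JAN = r"""
Running processes:
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
"""

# Excerpt of the log saved on 18-1-2008 (lines copied from the thread).
LOG_18_JAN = r"""
Running processes:
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
"""


def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def diff_logs(before, after):
    """Entries that disappeared, appeared, or stayed between two scans."""
    old, new = parse_entries(before), parse_entries(after)
    return {
        "removed": sorted(old - new),
        "added": sorted(new - old),
        "unchanged": sorted(old & new),
    }


def java_dirs(log_text):
    """Java install directories referenced anywhere in the log."""
    return set(JAVA_DIR_RE.findall(log_text))


def missing_file_entries(log_text):
    """Entries HijackThis marked '(file missing)': leftovers of removed software."""
    return sorted(e for e in parse_entries(log_text)
                  if e[1].endswith("(file missing)"))


if __name__ == "__main__":
    changes = diff_logs(LOG_17_JAN, LOG_18_JAN)
    for kind in ("removed", "added"):
        for section, detail in changes[kind]:
            print(f"{kind:8} {section:4} {detail}")
    print("Java before:", java_dirs(LOG_17_JAN), "after:", java_dirs(LOG_18_JAN))
    for section, detail in missing_file_entries(LOG_18_JAN):
        print("orphaned", section, detail)
```
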
