Who can help me urgently (exam) + logfile
  • Who can help me urgently (exam) + logfile

    logfile from noel

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:26:01, on 28/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Easy Computing\PC Cleaner 3.0\Shield.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\AutoCAD 2006\AutoCAD 2006 Vertaler\XLStart.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Common Files\Acronis\ProcessActivityMonitor\paamsrv.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe
    C:\WINDOWS\explorer.exe
    D:\Agent\VProTray.exe
    D:\Agent\VProSvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\dumprep.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: SXG Advisor - {A2190857-2B7C-46E1-851B-F8919A2DE836} - C:\WINDOWS\dntpkwolxs.dll
    O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
    O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~1\EASYCO~1\PCCLEA~1.0\Blocker.dll
    O3 - Toolbar: ekxdvft - {D7257984-3F99-4D51-87C6-4D5E111DEBA9} - C:\WINDOWS\ekxdvft.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [Easy Computing Popup Blocker] RunDll32.exe C:\PROGRA~1\EASYCO~1\PCCLEA~1.0\Blocker.dll,Run
    O4 - HKLM\..\Run: [SpyWare Shield] "C:\Program Files\Easy Computing\PC Cleaner 3.0\Shield.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Norton Ghost 12.0] "D:\Agent\VProTray.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: AutoCAD 2006 Vertaler.lnk = C:\Program Files\AutoCAD 2006\AutoCAD 2006 Vertaler\XLStart.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: PC Cleaner 3.0 Pop-ups blokkeren - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\EASYCO~1\PCCLEA~1.0\Blocker.dll
    O9 - Extra 'Tools' menuitem: Pop-ups blokkeren - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\EASYCO~1\PCCLEA~1.0\Blocker.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O21 - SSODL: bgrlsmn - {DE53F2F6-C34C-4FE7-BDC8-B8C5F8979FAD} - C:\WINDOWS\bgrlsmn.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Norton Ghost - Symantec Corporation - D:\Agent\VProSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Process Activity Monitor (paamsrv) - Unknown owner - C:\Program Files\Common Files\Acronis\ProcessActivityMonitor\paamsrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 13963 bytes

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open; a few lines about files that were not found will scroll by quickly, this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a logfile opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the logfile in your next message.
    Also post a new HijackThis log



    • #3
      new log; I have to restart every time, everything freezes

      it won't start here for me
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:43:09, on 28/01/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\WINDOWS\SiSUSBrg.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\Program Files\CyberLink\PowerCinema\PCMService.exe
      C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
      C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
      C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
      C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\Program Files\Easy Computing\PC Cleaner 3.0\Shield.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
      C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
      C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
      D:\Agent\VProTray.exe
      C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
      C:\Program Files\Spyware Doctor\SDTrayApp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
      C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
      C:\Program Files\AutoCAD 2006\AutoCAD 2006 Vertaler\XLStart.exe
      C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
      C:\Program Files\Portrait Displays\Pivot Software\floater.exe
      C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\PROGRA~1\INCRED~1\bin\IMApp.exe
      C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
      C:\Program Files\Eset\nod32krn.exe
      D:\Agent\VProSvc.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
      C:\Program Files\Cyberlink\Shared files\RichVideo.exe
      C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
      C:\Program Files\Spyware Doctor\svcntaux.exe
      C:\Program Files\Spyware Doctor\swdsvc.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      C:\Program Files\Common Files\Acronis\ProcessActivityMonitor\paamsrv.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
      O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: SXG Advisor - {A2190857-2B7C-46E1-851B-F8919A2DE836} - C:\WINDOWS\dntpkwolxs.dll
      O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
      O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~1\EASYCO~1\PCCLEA~1.0\Blocker.dll
      O3 - Toolbar: ekxdvft - {D7257984-3F99-4D51-87C6-4D5E111DEBA9} - C:\WINDOWS\ekxdvft.dll
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
      O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
      O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [Easy Computing Popup Blocker] RunDll32.exe C:\PROGRA~1\EASYCO~1\PCCLEA~1.0\Blocker.dll,Run
      O4 - HKLM\..\Run: [SpyWare Shield] "C:\Program Files\Easy Computing\PC Cleaner 3.0\Shield.exe"
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
      O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
      O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
      O4 - HKLM\..\Run: [Norton Ghost 12.0] "D:\Agent\VProTray.exe"
      O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
      O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
      O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: AutoCAD 2006 Vertaler.lnk = C:\Program Files\AutoCAD 2006\AutoCAD 2006 Vertaler\XLStart.exe
      O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
      O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: PC Cleaner 3.0 Pop-ups blokkeren - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\EASYCO~1\PCCLEA~1.0\Blocker.dll
      O9 - Extra 'Tools' menuitem: Pop-ups blokkeren - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\EASYCO~1\PCCLEA~1.0\Blocker.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
      O21 - SSODL: bgrlsmn - {DE53F2F6-C34C-4FE7-BDC8-B8C5F8979FAD} - C:\WINDOWS\bgrlsmn.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
      O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
      O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Norton Ghost - Symantec Corporation - D:\Agent\VProSvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Process Activity Monitor (paamsrv) - Unknown owner - C:\Program Files\Common Files\Acronis\ProcessActivityMonitor\paamsrv.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

      --
      End of file - 13588 bytes



      • #4
        Download OTMoveIt.exe and place it on your desktop: OTMoveIt.exe
        Open OTMoveIt.exe.
        In the left pane, where it says "Paste List of Files/Folders to be Moved", copy and paste the bold text below:

        C:\WINDOWS\dntpkwolxs.dll
        C:\WINDOWS\ekxdvft.dll
        C:\WINDOWS\bgrlsmn.dll


        Then click the MoveIt button at the bottom.
        When the program has finished it will create a log (********_******.log -- the * stands for date and time) in the following folder: C:\_OTMoveIt\MovedFiles\
        Copy and paste the contents of that log into your next post.


        Download Deckard's System Scanner to your Desktop.
        • Close all applications and windows.
        • Double-click dss.exe to run it, and follow the prompts.
        • When the scan is complete, a text file - main.txt - will open.
        • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

        Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
        - make sure sigcheck.exe is given permission to do so!
        Your antivirus may also flag DSS as suspicious, or even try to remove it.
        Do not let your antivirus remove it! (In this case it may be better to temporarily disable your antivirus during the DSS scan)

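Added example, not part of the original thread and not the helper's own method: a small triage pass over the O2/O3/O21 lines of the first HijackThis log, flagging DLLs loaded from directly under C:\WINDOWS and registrations marked "(no file)". The heuristic and the function names are assumptions of this example; on this log it selects the same three files listed in post #4.

```python
import ntpath
import re

# Excerpt copied from the first HijackThis log in this thread (post #1).
SAMPLE_LOG = r"""
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SXG Advisor - {A2190857-2B7C-46E1-851B-F8919A2DE836} - C:\WINDOWS\dntpkwolxs.dll
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O3 - Toolbar: ekxdvft - {D7257984-3F99-4D51-87C6-4D5E111DEBA9} - C:\WINDOWS\ekxdvft.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O21 - SSODL: bgrlsmn - {DE53F2F6-C34C-4FE7-BDC8-B8C5F8979FAD} - C:\WINDOWS\bgrlsmn.dll
"""

# O2 = Browser Helper Objects, O3 = IE toolbars, O21 = ShellServiceObjectDelayLoad.
# All three are COM load points: the DLL is loaded into IE or Explorer automatically.
ENTRY_RE = re.compile(
    r"^\s*(?P<code>O2|O3|O21) - (?P<kind>BHO|Toolbar|SSODL): "
    r"(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+?)\s*$"
)


def parse_entries(log_text):
    """Return one dict per O2/O3/O21 line; every other line is ignored."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append(match.groupdict())
    return entries


def triage(entry, windows_root=r"C:\WINDOWS"):
    """Classify one load-point entry.

    Heuristic (an assumption of this example, not stated in the thread):
    a DLL registered as a BHO, toolbar or SSODL that sits directly in the
    Windows root, rather than in system32 or a vendor folder, deserves a
    manual look. "(no file)" means the registration points at nothing.
    """
    target = entry["target"]
    if target == "(no file)":
        return "orphaned"
    # ntpath handles Windows paths on any host OS; normcase makes the
    # comparison case-insensitive, as the Windows file system is.
    parent = ntpath.normcase(ntpath.dirname(target))
    if parent == ntpath.normcase(windows_root):
        return "review"
    return "ok"


def flagged_files(log_text):
    """Paths of load-point DLLs that the heuristic marks for review."""
    return [e["target"] for e in parse_entries(log_text) if triage(e) == "review"]


def orphaned_clsids(log_text):
    """CLSIDs of registrations whose file is already gone."""
    return [e["clsid"] for e in parse_entries(log_text) if triage(e) == "orphaned"]


if __name__ == "__main__":
    for entry in parse_entries(SAMPLE_LOG):
        print(f'{triage(entry):9} {entry["code"]:4} {entry["name"]:24} {entry["target"]}')
```

A flagged entry is a candidate for closer inspection (file properties, signature, a second-opinion scan), not proof that the file is malicious.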


        • #5
          OTMoveIt.exe, I can't download this one in any way



          • #6
            Doen we wat anders, zoek de volgende bestanden op:

            C:\WINDOWS\dntpkwolxs.dll
            C:\WINDOWS\ekxdvft.dll
            C:\WINDOWS\bgrlsmn.dll

            Verander de naam van deze bestanden(rechtsklikken en kiezen voor "Naam wijzigen")
            C:\WINDOWS\dntpkwolxs.dll --> C:\WINDOWS\dntpkwolxs.bak
            C:\WINDOWS\ekxdvft.dll --> C:\WINDOWS\ekxdvft.bak
            C:\WINDOWS\bgrlsmn.dll --> C:\WINDOWS\bgrlsmn.bak

            Restart your computer.

            Then post the Deckard's System Scanner log.



            • #7
              Deckard's System Scanner log

              Deckard's System Scanner v20071014.68
              Run by Noel on 2008-01-28 17:28:30
              Computer is in Normal Mode.
              --------------------------------------------------------------------------------

              -- System Restore --------------------------------------------------------------

              Successfully created a Deckard's System Scanner Restore Point.


              -- Last 5 Restore Point(s) --
              21: 2008-01-28 16:28:55 UTC - RP196 - Deckard's System Scanner Restore Point
              20: 2008-01-28 15:38:43 UTC - RP195 - Niet-ondertekend stuurprogramma installeren
              19: 2008-01-28 12:46:58 UTC - RP194 - Before uninstall Windows Installer 3.1 (KB893803)
              18: 2008-01-28 12:44:29 UTC - RP193 - Before uninstall Hitman Pro
              17: 2008-01-28 01:11:48 UTC - RP192 - Before uninstall WebVideo Support


              -- First Restore Point --
              1: 2008-01-24 20:47:40 UTC - RP176 - Before uninstall GrandBackup Personal 1.3


              Backed up registry hives.
              Performed disk cleanup.

              Percentage of Memory in Use: 86% (more than 75%).


              -- HijackThis (run as Noel.exe) ------------------------------------------------

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 17:31:05, on 28/01/2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16574)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\csrss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Windows Defender\MsMpEng.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              C:\WINDOWS\system32\spoolsv.exe
              c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Eset\nod32kui.exe
              C:\WINDOWS\system32\RunDll32.exe
              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
              C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
              C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
              C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
              C:\Program Files\CyberLink\PowerCinema\PCMService.exe
              C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
              C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
              C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
              C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
              C:\WINDOWS\system32\RUNDLL32.EXE
              C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
              C:\WINDOWS\system32\RunDll32.exe
              C:\Program Files\Easy Computing\PC Cleaner 3.0\Shield.exe
              C:\Program Files\Windows Defender\MSASCui.exe
              C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
              C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
              C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
              C:\Program Files\Spyware Doctor\SDTrayApp.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
              C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
              C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
              C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
              C:\Program Files\AutoCAD 2006\AutoCAD 2006 Vertaler\XLStart.exe
              C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
              C:\Program Files\Portrait Displays\Pivot Software\floater.exe
              C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
              C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
              C:\PROGRA~1\INCRED~1\bin\IMApp.exe
              C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
              C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
              C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
              C:\Program Files\Eset\nod32krn.exe
              C:\WINDOWS\system32\nvsvc32.exe
              C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
              C:\Program Files\Cyberlink\Shared files\RichVideo.exe
              C:\Program Files\Spyware Doctor\svcntaux.exe
              C:\Program Files\Spyware Doctor\swdsvc.exe
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\wdfmgr.exe
              C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
              C:\Program Files\Common Files\Acronis\ProcessActivityMonitor\paamsrv.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
              C:\WINDOWS\system32\HPZipm12.exe
              C:\WINDOWS\system32\msiexec.exe
              C:\Documents and Settings\Noel\Bureaublad\dss.exe
              C:\WINDOWS\System32\alg.exe
              C:\PROGRA~1\TRENDM~1\HIJACK~1\Noel.exe
              C:\WINDOWS\System32\wbem\wmiprvse.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
              O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
              O2 - BHO: SXG Advisor - {A2190857-2B7C-46E1-851B-F8919A2DE836} - C:\WINDOWS\dntpkwolxs.dll (file missing)
              O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
              O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~1\EASYCO~1\PCCLEA~1.0\Blocker.dll
              O3 - Toolbar: ekxdvft - {D7257984-3F99-4D51-87C6-4D5E111DEBA9} - C:\WINDOWS\ekxdvft.dll (file missing)
              O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
              O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
              O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
              O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
              O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
              O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
              O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
              O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
              O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
              O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
              O4 - HKLM\..\Run: [Easy Computing Popup Blocker] RunDll32.exe C:\PROGRA~1\EASYCO~1\PCCLEA~1.0\Blocker.dll,Run
              O4 - HKLM\..\Run: [SpyWare Shield] "C:\Program Files\Easy Computing\PC Cleaner 3.0\Shield.exe"
              O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
              O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
              O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
              O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
              O4 - HKLM\..\Run: [Norton Ghost 12.0] "D:\Agent\VProTray.exe"
              O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
              O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
              O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
              O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
              O4 - Global Startup: AutoCAD 2006 Vertaler.lnk = C:\Program Files\AutoCAD 2006\AutoCAD 2006 Vertaler\XLStart.exe
              O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
              O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
              O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: PC Cleaner 3.0 Pop-ups blokkeren - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\EASYCO~1\PCCLEA~1.0\Blocker.dll
              O9 - Extra 'Tools' menuitem: Pop-ups blokkeren - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\EASYCO~1\PCCLEA~1.0\Blocker.dll
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
              O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
              O21 - SSODL: bgrlsmn - {DE53F2F6-C34C-4FE7-BDC8-B8C5F8979FAD} - C:\WINDOWS\bgrlsmn.dll (file missing)
              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
              O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
              O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
              O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
              O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
              O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
              O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
              O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
              O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
              O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
              O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
              O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
              O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
              O23 - Service: Norton Ghost - Symantec Corporation - D:\Agent\VProSvc.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: Process Activity Monitor (paamsrv) - Unknown owner - C:\Program Files\Common Files\Acronis\ProcessActivityMonitor\paamsrv.exe
              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
              O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
              O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
              O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
              O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
              O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

              --
              End of file - 13741 bytes

              -- File Associations -----------------------------------------------------------

              .scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


              -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

              R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
              R0 timounter (Acronis True Image Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
              R1 Pivot - c:\windows\system32\drivers\pivot.sys <Not Verified; Portrait Displays, Inc.; Windows (R) 2000 DDK driver>
              R1 VD_FileDisk - c:\windows\system32\drivers\vd_filedisk.sys <Not Verified; Flint Incorporation; VD_FileDisk>
              R2 DLPortIO (DriverLINX Port I/O Driver) - c:\windows\system32\drivers\dlportio.sys
              R2 pamondrv (Process Activity Acronis Monitor) - c:\windows\system32\drivers\pamondrv.sys
              R2 tifsfilter (Acronis True Image FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; Acronis True Image>
              R3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
              R3 pdiddcci (DDC/CI monitor) - c:\windows\system32\drivers\pdiddcci.sys <Not Verified; Portrait Displays, Inc.; Portrait Displays DDC/CI Monitor Device Driver>
              R3 pivotmou (Pivot Mouse/Pointers Filter Driver) - c:\windows\system32\drivers\pivotmou.sys <Not Verified; Portrait Displays, Inc.; Pivot (R) Software (R)>

              S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>


              -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

              R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\cyberlink\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
              R2 DTSRVC (Portrait Displays Display Tune Service) - c:\program files\common files\portrait displays\shared\dtsrvc.exe
              R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
              R2 paamsrv (Process Activity Monitor) - "c:\program files\common files\acronis\processactivitymonitor\paamsrv.exe"
              R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
              R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
              R2 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>

              S2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\cyberlink\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
              S3 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)


              -- Device Manager: Disabled ----------------------------------------------------

              No disabled devices found.


              -- Scheduled Tasks -------------------------------------------------------------

              2008-01-28 17:27:30 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


              -- Files created between 2007-12-28 and 2008-01-28 -----------------------------

              2008-01-28 16:43:50 0 d-------- C:\Program Files\SpywareBlaster
              2008-01-28 15:26:59 0 d-------- C:\RVAXO
              2008-01-28 15:08:23 28672 --a------ C:\WINDOWS\system32\RVAXO.bat
              2008-01-28 15:08:23 16384 --a------ C:\WINDOWS\system32\Restart.exe <Not Verified; WareSoft Software; restart>
              2008-01-28 15:08:23 69632 --a------ C:\WINDOWS\system32\remove.exe
              2008-01-28 15:08:23 7048 --a------ C:\WINDOWS\system32\fixp.bat
              2008-01-28 14:41:11 0 d-------- C:\Documents and Settings\Noel\Application Data\MSN6
              2008-01-28 14:41:11 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
              2008-01-27 21:48:51 0 d-------- C:\Program Files\Hitman Pro
              2008-01-27 15:36:47 90112 --a------ C:\WINDOWS\ffvrdgt.exe
              2008-01-27 15:36:47 196608 --a------ C:\WINDOWS\adsoowf.dll <Not Verified; ; adsoowf>
              2008-01-27 15:31:42 3584 --a------ C:\WINDOWS\system32\drivers\DLPortIO.SYS
              2008-01-27 15:31:42 34816 --a------ C:\WINDOWS\system32\DLPortIO.DLL <Not Verified; Scientific Software Tools, Inc.; DriverLINX Port I/O Driver>
              2008-01-27 15:31:29 0 d-------- C:\WINDOWS\KCam4
              2008-01-27 15:31:29 0 d-------- C:\Program Files\KCam4
              2008-01-27 14:51:39 0 d-------- C:\UITVOER
              2008-01-27 14:45:09 724992 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
              2008-01-27 14:45:06 0 d-------- C:\Program Files\Baas Electronics
              2008-01-27 14:25:12 0 d-------- C:\Program Files\Project1
              2008-01-27 10:33:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
              2008-01-27 01:44:52 0 d-------- C:\Program Files\WinNc
              2008-01-27 01:44:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Tarma Installer
              2008-01-26 21:53:12 0 d-------- C:\Documents and Settings\Noel\Application Data\Symantec
              2008-01-26 13:00:19 0 d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
              2008-01-26 12:34:21 0 d-------- C:\Program Files\Alcohol Soft
              2008-01-25 21:13:17 0 d-------- C:\Program Files\Resistor Color Coder
              2008-01-25 20:46:20 0 d-------- C:\Program Files\IE New Window Maximizer
              2008-01-25 20:45:35 0 d-------- C:\Documents and Settings\Noel\Application Data\Intrepix
              2008-01-25 20:45:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Intrepix
              2008-01-25 20:40:52 0 d-------- C:\Program Files\sPlan60 (Demo)
              2008-01-24 19:48:56 0 d-------- C:\Program Files\Acronis
              2008-01-23 23:43:48 0 d-------- C:\Program Files\Norton Ghost
              2008-01-23 23:42:28 0 d-------- C:\Program Files\Symantec
              2008-01-23 23:42:28 0 d-------- C:\Program Files\Common Files\Symantec Shared
              2008-01-23 23:42:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
              2008-01-23 23:25:02 392320 --a------ C:\WINDOWS\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
              2008-01-23 22:44:07 0 d-------- C:\Documents and Settings\Noel\Application Data\Help
              2008-01-23 19:08:52 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
              2008-01-23 05:24:43 0 d-------- C:\WINDOWS\WCBurn
              2008-01-23 05:24:38 4872 --a------ C:\WINDOWS\Ufxmaint31.exe
              2008-01-23 05:16:52 0 d-------- C:\Program Files\Common Files\Willow Creek Software
              2008-01-23 05:16:09 0 d-------- C:\Program Files\Willow Creek Software
              2008-01-23 05:16:00 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
              2008-01-23 05:15:55 73216 -----n--- C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
              2008-01-22 18:58:56 0 d-------- C:\Documents and Settings\Noel\Application Data\Acronis
              2008-01-20 15:38:38 0 d-------- C:\Program Files\Windows Defender
              2008-01-20 06:51:30 0 dr-hs---- C:\BOOTWIZ
              2008-01-20 06:51:30 22528 -r-hs---- C:\bootwiz.sys
              2008-01-20 06:50:47 518656 --a------ C:\WINDOWS\system32\autoprnt.exe <Not Verified; Acronis; Acronis Autopart>
              2008-01-19 20:11:49 43520 --a------ C:\WINDOWS\system32\drivers\pamondrv.sys
              2008-01-19 19:12:44 0 d-------- C:\Program Files\SlySoft
              2008-01-19 18:36:34 0 d-------- C:\Program Files\Dual Software Gold
              2008-01-19 01:19:58 45056 --a------ C:\WINDOWS\AutoUpdateWin32.exe <Not Verified; ; Auto Update Win32 Module>
              2008-01-18 22:01:17 0 d-------- C:\Documents and Settings\Noel\Application Data\Easy Computing
              2008-01-17 17:49:48 0 d-------- C:\Program Files\AutoCAD Architecture 2008
              2008-01-17 17:46:58 0 d-------- C:\Program Files\Autodesk
              2008-01-15 16:21:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
              2008-01-15 16:21:46 0 d-------- C:\Documents and Settings\Noel\Application Data\Azureus
              2008-01-15 16:20:22 0 d-------- C:\Program Files\Azureus
              2008-01-15 13:07:14 0 dr-h----- C:\Documents and Settings\Noel\Onlangs geopend
              2008-01-14 10:50:21 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
              2008-01-14 10:36:52 62009 --a------ C:\WINDOWS\system32\wpfb_nv4_disp.dll <Not Verified; Portrait Displays, Inc.; Pivot Sofware>
              2008-01-13 23:52:20 0 d-------- C:\Program Files\Common Files\Acronis
              2008-01-13 23:52:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Easy Computing
              2008-01-13 23:50:38 0 d-------- C:\Program Files\Easy Computing
              2008-01-12 18:44:08 11776 --a------ C:\WINDOWS\system32\drivers\pdiddcci.sys <Not Verified; Portrait Displays, Inc.; Portrait Displays DDC/CI Monitor Device Driver>
              2008-01-12 18:43:36 2304 --a------ C:\WINDOWS\system32\Machnm32.sys
              2008-01-12 18:43:35 62009 --a------ C:\WINDOWS\system32\WPFB.DLL <Not Verified; Portrait Displays, Inc.; Pivot Sofware>
              2008-01-12 18:43:35 11323 --a------ C:\WINDOWS\system32\drivers\pivotmou.sys <Not Verified; Portrait Displays, Inc.; Pivot (R) Software (R)>
              2008-01-12 18:43:35 17465 --a------ C:\WINDOWS\system32\drivers\pivot.sys <Not Verified; Portrait Displays, Inc.; Windows (R) 2000 DDK driver>
              2008-01-12 15:50:22 0 d-------- C:\Swsetup
              2008-01-12 14:51:18 0 d-------- C:\Program Files\CrossLoop
              2008-01-12 02:17:52 372736 --a------ C:\WINDOWS\ijl15.dll <Not Verified; Intel Corporation; Intel® JPEG Library>
              2008-01-12 02:17:39 0 d-------- C:\Program Files\Portrait Displays
              2008-01-12 00:41:28 0 d-------- C:\Program Files\SystemRequirementsLab
              2008-01-12 00:30:06 0 d-------- C:\Program Files\Common Files\Portrait Displays
              2008-01-11 18:47:58 0 d-------- C:\Documents and Settings\Noel\Application Data\SystemRequirementsLab
              2008-01-11 18:32:47 1357 --a------ C:\WINDOWS\mozver.dat
              2008-01-11 15:24:36 0 d-------- C:\NVIDIA
              2008-01-10 05:44:59 335 --a------ C:\WINDOWS\nsreg.dat
              2008-01-10 05:44:49 0 d-------- C:\Documents and Settings\Noel\Application Data\Mozilla
              2008-01-08 05:21:44 0 d-------- C:\Documents and Settings\Noel\Application Data\DAEMON Tools
              2008-01-08 05:15:05 716272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
              2008-01-08 05:04:18 0 d-------- C:\Program Files\Lavasoft
              2008-01-06 21:15:13 0 d-------- C:\Program Files\NewsLeecher
              2008-01-06 20:00:39 0 d-------- C:\Program Files\FTDv3.8
              2008-01-06 19:19:55 0 d-------- C:\Program Files\QuickPar
              2008-01-05 15:26:01 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
              2008-01-05 12:59:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
              2008-01-05 12:59:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
              2008-01-05 12:59:37 0 d-------- C:\Program Files\Common Files\LogiShrd
              2008-01-05 12:56:57 0 d-------- C:\Program Files\Logitech
              2008-01-04 21:05:03 1024 --a------ C:\WINDOWS\system32\e-pdfcreator.dat
              2008-01-03 21:52:24 0 d-------- C:\Documents and Settings\Noel\Application Data\SmartFTP
              2008-01-03 21:51:51 0 d-------- C:\Program Files\SmartFTP Client
              2008-01-03 21:51:25 0 d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
              2008-01-03 21:00:02 0 d-------- C:\Program Files\Amara - Flash News Ticker
              2008-01-03 20:58:26 0 d-------- C:\Program Files\Amara - Flash Menu Builder
              2008-01-03 20:56:38 0 d-------- C:\Program Files\Amara - Flash Slide Show Builder
              2008-01-03 20:54:34 0 d-------- C:\Program Files\Amara - Flash Photo Animation Software
              2008-01-03 19:40:05 0 d-------- C:\Documents and Settings\Noel\film tunes
              2008-01-03 19:19:51 0 d-------- C:\Program Files\Xilisoft
              2008-01-03 18:36:25 0 d-------- C:\Program Files\Amara - Flash Intro and Banner Builder
              2008-01-02 01:18:08 0 d-------- C:\Documents and Settings\Noel\Application Data\GlarySoft
              2008-01-01 10:47:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
              2008-01-01 09:47:01 0 d-------- C:\Program Files\Trend Micro
              2008-01-01 08:53:03 0 d--h----- C:\WINDOWS\system32\GroupPolicy
              2007-12-30 12:34:38 26752 --a------ C:\WINDOWS\IMAGEMAN.DLL
              2007-12-30 12:34:30 151984 --a------ C:\WINDOWS\BWCC.DLL <Not Verified; Borland International; >
              2007-12-30 12:34:24 0 d-------- C:\ADVSCH
              2007-12-30 06:51:15 0 d-------- C:\Documents and Settings\LocalService\Application Data\Acronis
              2007-12-29 21:11:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Acronis
              2007-12-29 21:05:06 32768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys <Not Verified; Acronis; Acronis True Image>
              2007-12-29 19:30:35 0 d-------- C:\Program Files\Nieuwe map
              2007-12-29 15:45:43 0 d-------- C:\WINDOWS\pss
              2007-12-29 10:32:43 0 d-------- C:\DriveKey
              2007-12-29 07:25:08 0 d-------- C:\Program Files\Disk Heal
              2007-12-28 22:36:41 0 d-------- C:\Program Files\Your Uninstaller 2008
              2007-12-28 22:09:52 0 d-------- C:\Documents and Settings\Noel\Incomplete
              2007-12-28 22:09:28 0 d-------- C:\Documents and Settings\Noel\Application Data\LimeWire
              2007-12-28 21:51:38 87 -ra------ C:\WINDOWS\hosts
              2007-12-28 19:10:42 0 d-------- C:\WINDOWS\system32\nl-nl
              2007-12-28 19:06:56 0 d-------- C:\WINDOWS\network diagnostic
              2007-12-28 19:02:59 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
              2007-12-28 19:02:59 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
              2007-12-28 19:02:58 6550 --a------ C:\WINDOWS\jautoexp.dat
              2007-12-28 19:02:52 113 --a------ C:\WINDOWS\system32\zonedon.reg
              2007-12-28 19:02:51 113 --a------ C:\WINDOWS\system32\zonedoff.reg


              -- Find3M Report ---------------------------------------------------------------

              2008-01-27 10:33:34 0 d-------- C:\Program Files\Common Files
              2008-01-25 17:38:16 0 d-------- C:\Program Files\SmartDraw 2008
              2008-01-25 17:37:20 0 d-------- C:\Program Files\MSN Messenger
              2008-01-23 20:01:33 52 --a------ C:\Program Files\downloads.BDF
              2008-01-23 05:53:34 52 --a------ C:\Program Files\noel1.BDF
              2008-01-23 05:29:06 52 --a------ C:\Program Files\pack1.BDF
              2008-01-23 05:25:20 52 --a------ C:\Program Files\Save Windows and Programs (No Data or Documents).BDF
              2008-01-23 05:25:20 52 --a------ C:\Program Files\Save Data and Documents Only.BDF
              2008-01-19 20:11:34 77824 --a------ C:\WINDOWS\system32\setupnt.dll <Not Verified; ; Setupnt Dynamic Link Library>
              2008-01-19 01:48:56 0 d--h----- C:\Program Files\InstallShield Installation Information
              2008-01-19 01:48:54 0 d-------- C:\Program Files\Common Files\TV
              2008-01-19 01:48:43 0 d-------- C:\Program Files\Common Files\MAGIX Shared
              2008-01-19 01:48:35 0 d-------- C:\Program Files\Common Files\Ahead
              2008-01-19 01:48:34 0 d-------- C:\Program Files\Common Files\Adobe
              2008-01-18 21:14:06 0 d-------- C:\Program Files\Common Files\InstallShield
              2008-01-17 17:56:21 0 d-------- C:\Program Files\Common Files\Autodesk Shared
              2008-01-17 17:50:13 0 d-------- C:\Documents and Settings\Noel\Application Data\Autodesk
              2008-01-14 13:33:08 465926 --a------ C:\WINDOWS\system32\perfh013.dat
              2008-01-14 13:33:08 81380 --a------ C:\WINDOWS\system32\perfc013.dat
              2008-01-12 18:48:09 0 d-------- C:\Documents and Settings\Noel\Application Data\DisplayTune
              2008-01-12 16:04:03 0 d-------- C:\Program Files\Google
              2008-01-12 01:17:24 0 d-------- C:\Program Files\C-Media 3D Audio
              2008-01-09 18:10:38 0 d-------- C:\Documents and Settings\Noel\Application Data\SmartDraw
              2008-01-04 17:18:00 0 d-------- C:\Documents and Settings\Noel\Application Data\IEPro
              2007-12-30 12:38:54 20 --a------ C:\AUTOEXEC.BAT
              2007-12-29 13:56:53 0 d-------- C:\Program Files\X10 Hardware
              2007-12-28 22:36:54 0 d-------- C:\Documents and Settings\Noel\Application Data\URSoft
              2007-12-27 22:12:53 0 d-------- C:\Program Files\e-PDF Converter and Creator v2.1
              2007-12-27 19:53:47 0 d-------- C:\Program Files\TC UP
              2007-12-27 13:46:06 0 d-------- C:\Documents and Settings\Noel\Application Data\MiniDm
              2007-12-27 13:18:58 0 d-------- C:\Program Files\IEPro
              2007-12-27 13:11:35 0 d-------- C:\Documents and Settings\Noel\Application Data\USBSafelyRemove
              2007-12-27 13:11:04 0 d-------- C:\Program Files\USB Safely Remove
              2007-12-26 20:21:35 0 d-------- C:\Program Files\Common Files\X10
              2007-12-26 00:35:21 0 d-------- C:\Program Files\Spyware Doctor
              2007-12-25 23:41:03 0 d-------- C:\Documents and Settings\Noel\Application Data\PC Tools
              2007-12-25 22:35:54 0 d-------- C:\Program Files\Cyberlink
              2007-12-25 22:32:43 0 d-------- C:\Documents and Settings\Noel\Application Data\CyberLink
              2007-12-25 21:23:51 0 d-------- C:\Documents and Settings\Noel\Application Data\Media Player Classic
              2007-12-25 19:04:30 0 d-------- C:\Program Files\Win XP
              2007-12-25 19:04:29 0 d-------- C:\Program Files\Win 98,Me,W2k
              2007-12-25 14:44:59 0 d-------- C:\Documents and Settings\Noel\Application Data\Nero
              2007-12-25 14:43:59 0 d-------- C:\Program Files\Common Files\Nero
              2007-12-25 14:41:58 0 d-------- C:\Program Files\Nero
              2007-12-25 11:44:16 6277358 --a------ C:\e-pdf-converter-creator.exe <Not Verified; e-PDFConverter Inc; >
              2007-12-25 10:43:50 0 d-------- C:\Program Files\PC Wizard 2006
              2007-12-25 08:55:20 0 d-------- C:\Program Files\AutoCAD 2006
              2007-12-25 03:01:30 0 d-------- C:\Program Files\MSXML 4.0
              2007-12-24 23:43:38 0 d-------- C:\Program Files\AnswerWorks 4.0
              2007-12-24 21:38:35 98 --a------ C:\WINDOWS\SPR5375.DAT
              2007-12-24 21:17:41 104131 --a------ C:\WINDOWS\hpoins04.dat
              2007-12-24 21:06:30 0 d-------- C:\Program Files\HP
              2007-12-24 21:04:10 0 d-------- C:\Program Files\Common Files\HP
              2007-12-24 21:03:01 0 d-------- C:\Program Files\Hewlett-Packard
              2007-12-24 21:02:06 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
              2007-12-23 20:36:13 0 d-------- C:\Documents and Settings\Noel\Application Data\Adobe
              2007-12-23 20:02:22 0 d-------- C:\Documents and Settings\Noel\Application Data\Macromedia
              2007-12-23 19:44:57 0 d-------- C:\Program Files\SmartDraw 2007
              2007-12-23 18:59:08 0 d-------- C:\Documents and Settings\Noel\Application Data\Google
              2007-12-23 18:57:51 0 d-------- C:\Documents and Settings\Noel\Application Data\Sun
              2007-12-23 18:57:34 0 d-------- C:\Program Files\Java
              2007-12-23 18:57:08 0 d-------- C:\Program Files\Common Files\Java
              2007-12-23 18:34:19 0 d-------- C:\Program Files\Silicon Integrated Systems
              2007-12-23 17:30:19 62 --ahs---- C:\Documents and Settings\Noel\Application Data\desktop.ini
              2007-12-23 17:25:44 1024 --a------ C:\WINDOWS\system32\btpbl9.dll
              2007-12-23 17:06:45 592 --a------ C:\WINDOWS\chgkey.vbs
              2007-12-23 17:00:37 0 d-------- C:\Program Files\Registry Repair
              2007-12-23 16:56:14 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
              2007-12-23 16:55:45 0 d-------- C:\Documents and Settings\Noel\Application Data\WinRAR
              2007-12-23 16:46:33 0 d-------- C:\Documents and Settings\Noel\Application Data\Identities
              2007-12-23 16:39:09 0 -rahs---- C:\MSDOS.SYS
              2007-12-23 16:39:09 0 -rahs---- C:\IO.SYS
              2007-12-23 16:39:09 0 --a------ C:\CONFIG.SYS
              2007-12-23 16:36:31 21748 --a------ C:\WINDOWS\system32\emptyregdb.dat


              -- Registry Dump ---------------------------------------------------------------

              *Note* empty entries & legit default entries are not shown


              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2190857-2B7C-46E1-851B-F8919A2DE836}]
              C:\WINDOWS\dntpkwolxs.dll

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A75E294E-C047-4D29-B07E-37B792881BEF}]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [23/12/2007 16:56]
              "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [12/07/2002 11:15]
              "Cmaudio"="cmicnfg.cpl"
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
              "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/02/2004 13:38]
              "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/05/2004 15:18]
              "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 14:57]
              "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [03/12/2007 14:21]
              "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
              "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [02/03/2007 17:55]
              "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [08/02/2007 01:12]
              "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [08/02/2007 01:13]
              "PivotSoftware"="C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" [09/02/2007 12:17]
              "DT HPW"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" [29/06/2007 17:56]
              "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/06/2006 17:22]
              "nwiz"="nwiz.exe" [01/06/2006 17:22 C:\WINDOWS\system32\nwiz.exe]
              "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [01/06/2006 17:22]
              "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [28/09/2006 20:21]
              "Easy Computing Popup Blocker"="C:\PROGRA~1\EASYCO~1\PCCLEA~1.0\Blocker.dll" [19/01/2008 20:11]
              "SpyWare Shield"="C:\Program Files\Easy Computing\PC Cleaner 3.0\Shield.exe" [19/01/2008 20:11]
              "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]
              "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [16/02/2007 18:49]
              "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [17/02/2007 18:30]
              "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [17/02/2007 18:35]
              "Norton Ghost 12.0"="D:\Agent\VProTray.exe" [28/03/2007 20:41]
              "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [02/11/2007 17:24]

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:03]
              "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [25/12/2007 16:00]
              "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [13/12/2007 19:10]
              "USB Safely Remove"="C:\Program Files\USB Safely Remove\USBSafelyRemove.exe" [20/12/2007 13:22]
              "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [22/12/2007 08:23]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              AutoCAD 2006 Vertaler.lnk - C:\Program Files\AutoCAD 2006\AutoCAD 2006 Vertaler\XLStart.exe [25/12/2007 8:55:20]
              AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [5/03/2005 13:18:22]
              HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [28/05/2004 22:31:38]
              Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [28/05/2004 23:06:36]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
              "bgrlsmn"= {DE53F2F6-C34C-4FE7-BDC8-B8C5F8979FAD} - C:\WINDOWS\bgrlsmn.dll [ ]

              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
              "Authentication Packages"= msv1_0 relog_ap

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
              @="Service"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
              @="Service"

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
              @="Volume shadow copy"

              *Newly Created Service* - NORTON_GHOST



              -- Hosts -----------------------------------------------------------------------

              127.0.0.1 reg.edonkey2000.com
              127.0.0.1 reg.overnet.com
              127.0.0.1 reg.edonkey.com
              127.0.0.1 reg.edonkey2000.com
              127.0.0.1 reg.overnet.com
              127.0.0.1 reg.edonkey.com
              127.255.255.255 serial.alcohol-soft.com


              -- End of Deckard's System Scanner: finished at 2008-01-28 17:32:38 ------------



              • #8
                Open the RVAXO folder on your desktop and double-click Uninstall.cmd
                This will remove everything belonging to RVAXO.

                Start HijackThis once more and tick only the following lines:
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
                O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                O2 - BHO: SXG Advisor - {A2190857-2B7C-46E1-851B-F8919A2DE836} - C:\WINDOWS\dntpkwolxs.dll (file missing)
                O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
                O3 - Toolbar: ekxdvft - {D7257984-3F99-4D51-87C6-4D5E111DEBA9} - C:\WINDOWS\ekxdvft.dll (file missing)
                O21 - SSODL: bgrlsmn - {DE53F2F6-C34C-4FE7-BDC8-B8C5F8979FAD} - C:\WINDOWS\bgrlsmn.dll (file missing)

                Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

                Delete the following files:
                C:\WINDOWS\dntpkwolxs.bak
                C:\WINDOWS\ekxdvft.bak
                C:\WINDOWS\bgrlsmn.bak
                C:\WINDOWS\ffvrdgt.exe
                C:\WINDOWS\adsoowf.dll
                C:\WINDOWS\AutoUpdateWin32.exe

                Then empty your recycle bin.

                Download ATF cleaner (mirror) (made by Atribune)

                Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                Double-click ATF cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also use Firefox as a browser:
                Click the "Firefox" tab and tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this removes the tick from "Firefox saved passwords" again)
                Click the Empty Selected button.

                Do the following if you also use Opera as a browser:
                Click the "Opera" tab and tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Turn off System Restore. Restart the computer. Turn System Restore back on.
                See here how to turn off your System Restore.
                This removes any remnants of the infections from your System Restore.

                Finally, post a new HijackThis log for checking.
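
The final check requested in reply #8 (a fresh HijackThis log after "Fix checked") can be done mechanically. The sketch below is an added example, not part of the original thread: it parses HijackThis entry lines, marks those reported as "(no file)" or "(file missing)", and lists which entries of an earlier log no longer appear in a later one. The function names are hypothetical, and the two sample logs are constructed from entry lines quoted on this page.

```python
import re
from dataclasses import dataclass

# "O2 - BHO: ..." style lines: a section code, " - ", then the entry text.
ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\s*\((no file|file missing)\)$", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    code: str       # section code, e.g. "O2" (BHO) or "O23" (service)
    body: str       # entry text with the orphan marker stripped
    clsid: str      # upper-cased CLSID, or "" when the entry has none
    orphaned: bool  # True when the line ended in "(no file)" / "(file missing)"

    @property
    def key(self):
        # A CLSID identifies a COM registration whatever its display name;
        # entries without one (O1, O4, O23, ...) are keyed on their text.
        return (self.code, self.clsid or self.body.lower())


def parse_log(text):
    """Return the entry lines of a HijackThis log, skipping header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        is_orphan = bool(ORPHAN_RE.search(body))
        body = ORPHAN_RE.sub("", body)
        found = CLSID_RE.search(body)
        clsid = found.group(0).upper() if found else ""
        entries.append(Entry(m.group("code"), body, clsid, is_orphan))
    return entries


def orphaned_entries(entries):
    """Entries whose target file is absent: candidates for review, not a verdict."""
    return [e for e in entries if e.orphaned]


def removed_between(before, after):
    """Entries present in the earlier log that the later log no longer lists."""
    after_keys = {e.key for e in after}
    return [e for e in before if e.key not in after_keys]


# Constructed sample: the five COM entries quoted in reply #8, plus two BHO
# lines copied from the follow-up log in reply #9 as an unchanged baseline.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SXG Advisor - {A2190857-2B7C-46E1-851B-F8919A2DE836} - C:\WINDOWS\dntpkwolxs.dll (file missing)
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O3 - Toolbar: ekxdvft - {D7257984-3F99-4D51-87C6-4D5E111DEBA9} - C:\WINDOWS\ekxdvft.dll (file missing)
O21 - SSODL: bgrlsmn - {DE53F2F6-C34C-4FE7-BDC8-B8C5F8979FAD} - C:\WINDOWS\bgrlsmn.dll (file missing)
"""

# Constructed sample: three entry lines copied from the log in reply #9.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    print("No longer listed after the fix:")
    for e in removed_between(before, after):
        print(f"  {e.code:<4}{e.clsid}  {e.body}")
    print("Still reported with a missing file:")
    for e in orphaned_entries(after):
        print(f"  {e.code:<4}{e.body}")
```

Keying on the CLSID rather than the display name means a COM entry that reappears under a different label still counts as present in the later log.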



                • #9
                  This is the last log file from Noel; everything is going better.

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 19:31:04, on 28/01/2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\csrss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Windows Defender\MsMpEng.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\spoolsv.exe
                  c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
                  C:\Program Files\Eset\nod32kui.exe
                  C:\WINDOWS\SiSUSBrg.exe
                  C:\WINDOWS\system32\RunDll32.exe
                  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                  C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
                  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
                  C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
                  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                  C:\Program Files\CyberLink\PowerCinema\PCMService.exe
                  C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
                  C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
                  C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
                  C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
                  C:\WINDOWS\system32\RUNDLL32.EXE
                  C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
                  C:\WINDOWS\system32\RunDll32.exe
                  C:\Program Files\Easy Computing\PC Cleaner 3.0\Shield.exe
                  C:\Program Files\Windows Defender\MSASCui.exe
                  C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
                  C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
                  C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
                  D:\Agent\VProTray.exe
                  C:\Program Files\Spyware Doctor\SDTrayApp.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
                  C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
                  C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
                  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                  C:\Program Files\AutoCAD 2006\AutoCAD 2006 Vertaler\XLStart.exe
                  C:\Program Files\Portrait Displays\Pivot Software\floater.exe
                  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                  C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
                  C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
                  C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
                  C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
                  C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                  C:\PROGRA~1\INCRED~1\bin\IMApp.exe
                  C:\Program Files\Eset\nod32krn.exe
                  D:\Agent\VProSvc.exe
                  C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
                  C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
                  C:\WINDOWS\system32\nvsvc32.exe
                  C:\Program Files\Cyberlink\Shared files\RichVideo.exe
                  C:\Program Files\Spyware Doctor\svcntaux.exe
                  C:\Program Files\Spyware Doctor\swdsvc.exe
                  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\wdfmgr.exe
                  C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
                  C:\Program Files\Common Files\Acronis\ProcessActivityMonitor\paamsrv.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                  C:\WINDOWS\System32\wbem\wmiprvse.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
                  O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
                  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~1\EASYCO~1\PCCLEA~1.0\Blocker.dll
                  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
                  O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
                  O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                  O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
                  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
                  O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                  O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
                  O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
                  O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
                  O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
                  O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                  O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
                  O4 - HKLM\..\Run: [Easy Computing Popup Blocker] RunDll32.exe C:\PROGRA~1\EASYCO~1\PCCLEA~1.0\Blocker.dll,Run
                  O4 - HKLM\..\Run: [SpyWare Shield] "C:\Program Files\Easy Computing\PC Cleaner 3.0\Shield.exe"
                  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                  O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
                  O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
                  O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
                  O4 - HKLM\..\Run: [Norton Ghost 12.0] "D:\Agent\VProTray.exe"
                  O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
                  O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
                  O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
                  O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
                  O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                  O4 - Global Startup: AutoCAD 2006 Vertaler.lnk = C:\Program Files\AutoCAD 2006\AutoCAD 2006 Vertaler\XLStart.exe
                  O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
                  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                  O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                  O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
                  O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra button: PC Cleaner 3.0 Pop-ups blokkeren - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\EASYCO~1\PCCLEA~1.0\Blocker.dll
                  O9 - Extra 'Tools' menuitem: Pop-ups blokkeren - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\EASYCO~1\PCCLEA~1.0\Blocker.dll
                  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
                  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                  O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
                  O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                  O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                  O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
                  O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
                  O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
                  O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                  O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                  O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
                  O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
                  O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
                  O23 - Service: Norton Ghost - Symantec Corporation - D:\Agent\VProSvc.exe
                  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                  O23 - Service: Process Activity Monitor (paamsrv) - Unknown owner - C:\Program Files\Common Files\Acronis\ProcessActivityMonitor\paamsrv.exe
                  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
                  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
                  O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
                  O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

                  --
                  End of file - 12639 bytes



                  • #10
                    The log looks clean to me



                    • #11
                      IE Explorer, and if so which version, or Firefox? Which is best?



                      • #12
                        I haven't yet had the chance to thank you for your good help

                        Very professional help, thanks again

                        Regards

                        noel



                        • #13
                          You're welcome

                          You have IE7, that is the latest version.
                          Firefox is, I believe, version 3
