
Fake 'Windows Update' and 'Help and Support' on the desktop

  • Fake 'Windows Update' and 'Help and Support' on the desktop

    Hello,

    I have recently been having the following problem:

    The C drive is full of thousands of tmp files that all start with pos.... I can't get rid of them, and on top of that there are 2 icons on my desktop that point to Windows Update and Windows Help and Support, but they are clearly not genuine.

    The PC is slow, boots with difficulty and regularly attempts a system restore in vain, but without result. Firefox and Internet Explorer also sometimes don't work; refreshing the page a few times then does help.

    The HijackThis log gives this:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:24:21, on 7/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\aphaetci.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\National Instruments\MAX\nimxs.exe
    C:\WINDOWS\system32\nicitdl5.exe
    C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\nipalsm.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\windows
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=BENL&range=AD&phase=6&key=SEARCH
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://extra.khk.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 85.214.19.81 l2testauthd.lineage2.com
    O1 - Hosts: 85.214.19.81 l2authd.lineage2.com
    O3 - Toolbar: PBBENLV2 - {4E7BD74F-2B8D-469E-A0E8-F362B197B82D} - C:\WINDOWS\system32\pbbenlv2.dll (file missing)
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC"
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [dbservices] scm -Silent 1 -Action 1 -Service mssqlserver
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [40bebe7a] rundll32.exe "C:\WINDOWS\system32\kwdynocv.dll",b
    O4 - HKLM\..\Run: [BM438d8de6] Rundll32.exe "C:\WINDOWS\system32\swjhjqgu.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\microsoft office\Office12\ONENOTEM.EXE
    O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\benl.htm
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dentish.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187726370703
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187726337828
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://dentish.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\aphaetci.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
    O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
    O23 - Service: National Instruments Citadel (NICitadel5Service) - National Instruments, Inc. - C:\WINDOWS\system32\nicitdl5.exe
    O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
    O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
    O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 10545 bytes


    Thanks to anyone who can help me with this!!!

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open; a few lines about files that were not found will scroll by quickly, this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Combofix (mirror) to your Desktop.
    Double-click Combofix.exe
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open (you can also find it here: C:\Combofix.txt)
    Post this log in your next post.

    NOTE: If your virus scanner reacts with a notification about a script being executed, you may ignore this.



    • #3
      ---RVAXO.exe Updated: 2008-03-07---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\system32\aqumxpil.dllbox
      C:\WINDOWS\system32\gjjlm.bak2
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\windows
      C:\Documents and Settings\Wietse\Mijn documenten\pos???.tmp
      C:\WINDOWS\Installer\{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}\CustomRes.dll
      C:\WINDOWS\Installer\{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}\InstBasicUI.dll
      C:\WINDOWS\Installer\{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}\InstRes.dll
      C:\WINDOWS\Installer\{6F411DB4-EC41-482B-AD46-384957928F69}\CustomRes.dll
      C:\WINDOWS\Installer\{6F411DB4-EC41-482B-AD46-384957928F69}\InstBasicUI.dll
      C:\WINDOWS\Installer\{6F411DB4-EC41-482B-AD46-384957928F69}\InstRes.dll
      C:\pos???.tmp
      C:\Documents and Settings\Wietse\Bureau~1\Help and Support Center.lnk

      Folders Found:

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:
      C:\pos???.tmp
      C:\Documents and Settings\Wietse\Mijn documenten\Mijn ontvangen bestanden\testje.zip
      C:\Documents and Settings\Wietse\Bureau~1\Help and Support Center.lnk

      --------------RVAXO.exe finished----------------



      • #4
        ComboFix 08-03-07.1 - Wietse 2008-03-07 20:02:53.1 - NTFSx86
        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.897 [GMT 1:00]
        Gestart vanuit: C:\Documents and Settings\Wietse\Bureaublad\ComboFix.exe
        * Nieuw herstelpunt werd aangemaakt
        .

        (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
        .


        .
        ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        -------\LEGACY_DOMAINSERVICE
        -------\LEGACY_NPF
        -------\NPF


        (((((((((((((((((((( Bestanden Gemaakt van 2008-02-07 to 2008-03-07 ))))))))))))))))))))))))))))))
        .

        2008-03-07 19:48 . 2008-03-07 20:00 20,162 ---hs---- C:\WINDOWS\system32\aqumxpil.dllbox
        2008-03-07 19:45 . 2008-03-07 19:48 <DIR> d-------- C:\RVAXO
        2008-03-07 19:38 . 2008-03-07 18:11 726,670 --a------ C:\WINDOWS\system32\RVAXO.bat
        2008-03-07 19:38 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
        2008-03-07 19:24 . 2008-03-07 19:24 <DIR> d-------- C:\Program Files\Trend Micro
        2008-03-07 14:09 . 2008-03-07 14:09 <DIR> d-------- C:\Program Files\Lavasoft
        2008-03-07 12:23 . 2008-03-07 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
        2008-03-05 13:55 . 2008-03-05 13:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
        2008-03-05 13:55 . 2008-03-05 13:55 1,409 --a------ C:\WINDOWS\QTFont.for
        2008-03-01 18:55 . 2008-03-01 18:55 <DIR> d-------- C:\Documents and Settings\Wietse\Application Data\TechSmith
        2008-03-01 18:29 . 2008-03-04 16:26 <DIR> d-------- C:\PL7TEMP
        2008-02-28 18:43 . 2008-02-28 18:42 164 --a------ C:\WINDOWS\SN-SBBMOD.000
        2008-02-28 18:42 . 2008-02-28 18:43 164 --a------ C:\WINDOWS\SN-SBBMOD.EPL
        2008-02-27 16:49 . 2008-02-27 16:56 <DIR> d-------- C:\Program Files\Windows Live
        2008-02-27 16:49 . 2008-02-27 16:56 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
        2008-02-27 16:48 . 2008-02-27 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
        2008-02-27 14:26 . 2008-02-27 14:26 <DIR> d-------- C:\Program Files\JoWooD Productions Software AG
        2008-02-27 14:26 . 2008-02-27 14:26 <DIR> d-------- C:\Program Files\Common Files\InstallShield
        2008-02-24 20:20 . 2008-02-24 20:20 <DIR> d-------- C:\Documents and Settings\Wietse\Application Data\dvdcss
        2008-02-22 18:47 . 2007-04-05 12:16 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
        2008-02-22 17:24 . 2008-02-22 17:24 <DIR> d-------- C:\Program Files\TechSmith
        2008-02-22 17:24 . 2008-02-22 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
        2008-02-21 19:40 . 2008-02-15 19:13 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
        2008-02-21 19:40 . 2008-02-15 19:13 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
        2008-02-21 18:45 . 2008-02-21 18:45 <DIR> d-------- C:\Program Files\FDRLab
        2008-02-21 18:45 . 2008-02-21 18:45 <DIR> d-------- C:\Program Files\Common Files\FDRLab
        2008-02-19 19:52 . 2008-02-19 19:57 <DIR> d-------- C:\OutputFolder
        2008-02-19 19:50 . 2008-02-19 19:50 <DIR> d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
        2008-02-18 18:39 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
        2008-02-18 18:39 . 2001-09-06 21:27 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
        2008-02-16 19:34 . 2008-02-16 19:34 <DIR> d-------- C:\Program Files\MSXML 6.0
        2008-02-15 16:05 . 2008-02-15 16:05 <DIR> d-------- C:\Documents and Settings\Wietse\Application Data\Ansys
        2008-02-15 15:15 . 2008-02-15 15:16 <DIR> d-------- C:\Program Files\AOEMView 2008
        2008-02-15 15:13 . 2008-02-15 15:13 <DIR> d-------- C:\Program Files\Microsoft WSE
        2008-02-15 15:05 . 2008-02-15 15:05 <DIR> d-------- C:\Program Files\DWG TrueView 2007
        2008-02-15 15:05 . 2008-03-04 16:31 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
        2008-02-15 15:05 . 2008-03-01 22:02 <DIR> d-------- C:\Program Files\Autodesk
        2008-02-15 15:05 . 2008-03-01 22:06 <DIR> d-------- C:\Documents and Settings\Wietse\Application Data\Autodesk
        2008-02-15 15:05 . 2008-03-02 13:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
        2008-02-15 15:02 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
        2008-02-15 15:01 . 2005-07-27 13:43 150,224 --a------ C:\WINDOWS\system32\RGB9Rast_1.dll
        2008-02-13 18:38 . 2004-08-03 23:10 49,024 --a------ C:\WINDOWS\system32\drivers\mstape.sys
        2008-02-13 18:38 . 2004-08-03 23:10 49,024 --a------ C:\WINDOWS\system32\dllcache\mstape.sys
        2008-02-13 18:38 . 2004-08-03 23:10 13,696 --a------ C:\WINDOWS\system32\drivers\avcstrm.sys
        2008-02-13 18:38 . 2004-08-03 23:10 13,696 --a------ C:\WINDOWS\system32\dllcache\avcstrm.sys
        2008-02-12 18:27 . 2008-02-12 18:27 53,312 --a------ C:\WINDOWS\system32\uqyfdxxa.exe
        2008-02-11 19:00 . 2008-02-11 19:00 <DIR> d-------- C:\Program Files\DVDVideoSoft
        2008-02-11 19:00 . 2008-02-12 17:45 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
        2008-02-11 18:58 . 2008-02-11 18:58 <DIR> d-------- C:\Documents and Settings\Nisse\Application Data\vlc
        2008-02-11 18:27 . 2008-02-11 18:27 <DIR> d-------- C:\Documents and Settings\Nisse\Application Data\MPEG Streamclip

        .
        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-03-07 19:26 92,200,224 ----a-w C:\WINDOWS\system32\drivers\fidbox.dat
        2008-03-07 19:22 7,355,424 ----a-w C:\WINDOWS\system32\drivers\fidbox2.dat
        2008-03-07 19:20 691,664 ----a-w C:\WINDOWS\system32\drivers\fidbox2.idx
        2008-03-07 19:20 1,237,940 ----a-w C:\WINDOWS\system32\drivers\fidbox.idx
        2008-03-07 18:17 --------- d-----w C:\Documents and Settings\Wietse\Application Data\MailWasherPro
        2008-03-07 13:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
        2008-03-07 12:53 --------- d-----w C:\Documents and Settings\Wietse\Application Data\Azureus
        2008-03-07 11:12 512 ----a-w C:\ScanSectorLog.dat
        2008-03-06 16:44 --------- d-----w C:\Program Files\Lineage II
        2008-03-05 12:31 --------- d-----w C:\Program Files\Azureus
        2008-03-02 16:07 --------- d-----w C:\Program Files\Steam
        2008-03-01 20:58 --------- d-----w C:\Program Files\Microsoft SQL Server
        2008-03-01 20:48 --------- d-----w C:\Program Files\Microsoft.NET
        2008-02-27 13:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
        2008-02-26 17:06 885 ----a-w C:\Program Files\uninstal.log
        2008-02-24 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
        2008-02-24 11:46 --------- d-----w C:\Program Files\Omerta Script
        2008-02-21 18:40 --------- d-----w C:\Program Files\ffdshow
        2008-02-19 16:30 --------- d-----w C:\Documents and Settings\Nisse\Application Data\Xfire
        2008-02-17 09:12 --------- d-s---w C:\Program Files\Xfire
        2008-02-16 12:46 --------- d-----w C:\Program Files\Native Instruments
        2008-02-16 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
        2008-02-16 12:37 --------- d-----w C:\Program Files\EA GAMES
        2008-02-16 12:35 --------- d-----w C:\Program Files\DominateGame
        2008-02-16 00:16 --------- d-----w C:\Program Files\Microsoft Games
        2008-02-13 12:53 --------- d-----w C:\Program Files\AviSynth 2.5
        2008-02-11 17:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
        2008-02-05 12:07 --------- d-----w C:\Program Files\PKR
        2008-02-04 15:53 --------- d-----w C:\Documents and Settings\Wietse\Application Data\Creative
        2008-02-04 15:31 --------- d-----w C:\Program Files\Creative
        2008-02-04 14:17 --------- d-----w C:\Documents and Settings\Wietse\Application Data\Winamp
        2008-02-02 12:18 --------- d-----w C:\Documents and Settings\Nisse\Application Data\Azureus
        2008-01-28 12:25 --------- d-----w C:\Program Files\Musicnotes
        2008-01-28 12:25 --------- d-----w C:\Documents and Settings\Wietse\Application Data\Sibelius Software
        2008-01-26 17:29 --------- d-----w C:\Program Files\Common Files\Adobe
        2008-01-26 16:14 --------- d-----w C:\Program Files\Bonjour
        2008-01-26 16:03 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
        2008-01-20 11:38 --------- d-----w C:\Program Files\Pinnacle
        2008-01-20 11:08 1,156 ----a-w C:\Program Files\INSTALL.LOG
        2008-01-20 09:56 --------- d-----w C:\Program Files\Maxis
        2008-01-19 17:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
        2008-01-19 15:35 --------- d-----w C:\Documents and Settings\Nisse\Application Data\Apple Computer
        2008-01-19 14:55 --------- d-----w C:\Program Files\AC3Filter
        2008-01-18 21:37 --------- d-----w C:\Documents and Settings\Nisse\Application Data\Pinnacle Systems
        2008-01-14 19:03 --------- d-----w C:\Documents and Settings\Wietse\Application Data\Talkback
        2008-01-11 18:33 --------- d-----w C:\Documents and Settings\Wietse\Application Data\Xfire
        2008-01-09 15:54 --------- d-----w C:\Documents and Settings\Nisse\Application Data\SmartFTP
        2008-01-07 20:45 --------- d-----w C:\Program Files\SmartFTP Client 2.5 Setup Files
        2008-01-07 20:45 --------- d-----w C:\Program Files\SmartFTP Client
        2006-11-04 17:25 48,640 ----a-w C:\Documents and Settings\Nisse\timeseal.exe
        1998-02-10 17:34 128,000 ----a-w C:\Program Files\UNWISE.EXE
        .

        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-A0E8-F362B197B82D}]
        C:\WINDOWS\system32\pbbenlv2.dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
        "{4E7BD74F-2B8D-469E-A0E8-F362B197B82D}"= "C:\WINDOWS\system32\pbbenlv2.dll" [ ]

        [HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-a0e8-f362b197b82d}]
        [HKEY_CLASSES_ROOT\pbbenlv2.PBBENLV2]

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
        "{4E7BD74F-2B8D-469E-A0E8-F362B197B82D}"= C:\WINDOWS\system32\pbbenlv2.dll [ ]

        [HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-a0e8-f362b197b82d}]
        [HKEY_CLASSES_ROOT\pbbenlv2.PBBENLV2]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
        "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00 208952]
        "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
        "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
        "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280]
        "dbservices"="scm -Silent 1 -Action 1 -Service mssqlserver"
        "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-05 19:13 185896]
        "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

        C:\Documents and Settings\Wietse\Menu Start\Programma's\Opstarten\
        OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files\microsoft office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

        C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
        SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 11:11:48 6395464]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttqn]
        awtttqn.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
        "SoundMan"="SOUNDMAN.EXE"
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
        "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe"
        "S7UB Start"="C:\Siemens\Common\S7ubtoox\s7ubtstx.exe" -StartDB
        "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
        "FIREBOX"="C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe"
        "PCMService"="c:\Apps\Powercinema\PCMService.exe"
        "AlcWzrd"="ALCWZRD.EXE"
        "Alcmtr"="ALCMTR.EXE"
        "Telemeter 3.0"="C:\Program Files\Telemeter 3.0\telemeter3.exe"
        "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
        "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
        "PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe
        "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe"
        "LWBMOUSE"=C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
        "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
        "ChrisTV Agent"="C:\Program Files\ChrisTV\ChrisTV_Agent.exe"
        "IRAssistant"=C:\Program Files\Dusco\IRAssistant\IRAssistant.exe -noSplash
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
        "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe"
        "USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
        "PCLEPCI"=C:\PROGRA~1\Pinnacle\PPE\PPE.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
        "C:\\Program Files\\Azureus\\Azureus.exe"=
        "C:\\Siemens\\Common\\sqlany\\dbsrv50.exe"=
        "C:\\Program Files\\National Instruments\\LabVIEW 8.2\\LabVIEW.exe"=
        "C:\\Program Files\\Xfire\\Xfire.exe"=
        "C:\\Program Files\\National Instruments\\Shared\\Example Finder\\1.0\\BIN\\NIExampleFinder.exe"=
        "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
        "C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "C:\\Program Files\\BearShare\\BearShare.exe"=
        "C:\\mysql\\mysql-5.0.24a-win32\\bin\\mysqld.exe"=
        "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
        "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
        "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
        "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
        "C:\\Program Files\\microsoft office\\Office12\\OUTLOOK.EXE"=
        "C:\\Program Files\\microsoft office\\Office12\\GROOVE.EXE"=
        "C:\\Program Files\\microsoft office\\Office12\\ONENOTE.EXE"=
        "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
        "C:\WINDOWS\system32\aphaetci.exe"= C:\WINDOWS\system32\aph
        "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        R0 NIPALK;NIPALK;C:\WINDOWS\system32\drivers\nipalk.sys [2006-07-13 07:56]
        R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2006-07-27 09:00]
        R2 Dpmtrcdd;Dpmtrcdd;C:\WINDOWS\system32\DRIVERS\dpmtrcdd.sys [2001-06-27 07:59]
        R2 DUNTLW;SA UNITELWAY Protocol;C:\WINDOWS\system32\drivers\duntlw.sys [1999-03-11 15:29]
        R2 gpib420;GPIB Analyzer;C:\WINDOWS\system32\drivers\gpib420.sys [2006-02-13 10:45]
        R2 GpibPrtK;Gpib Port;C:\WINDOWS\system32\drivers\gpibprtk.sys [2006-02-13 10:45]
        R2 lvalarmk;lvalarmk;C:\WINDOWS\system32\drivers\lvalarmk.dll [2005-07-27 07:58]
        R2 mxssvr;NI Configuration Manager;"C:\Program Files\National Instruments\MAX\nimxs.exe" [2006-07-15 18:47]
        R2 NICitadel5Service;National Instruments Citadel;C:\WINDOWS\system32\nicitdl5.exe [2005-11-13 21:31]
        R2 nidimk;nidimk;C:\WINDOWS\system32\drivers\nidimk.dll [2006-07-13 11:04]
        R2 nidmxfk;nidmxfk;C:\WINDOWS\system32\drivers\nidmxfk.dll [2006-07-19 23:19]
        R2 niemrk;niemrk;C:\WINDOWS\system32\drivers\niemrk.dll [2006-07-20 17:50]
        R2 nifslk;nifslk;C:\WINDOWS\system32\drivers\nifslk.dll [2006-07-16 02:16]
        R2 nimxpk;nimxpk;C:\WINDOWS\system32\drivers\nimxpk.dll [2006-07-15 23:55]
        R2 nipxirmk;nipxirmk;C:\WINDOWS\system32\drivers\nipxirmk.dll [2006-07-18 08:34]
        R2 niswdk;niswdk;C:\WINDOWS\system32\drivers\niswdk.dll [2006-07-15 23:16]
        R2 NITaggerService;National Instruments Variable Engine;"C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe" [2006-07-25 16:36]
        R2 nixsrk;nixsrk;C:\WINDOWS\system32\drivers\nixsrk.dll [2006-07-20 17:50]
        R2 usb6xxxk;usb6xxxk;C:\WINDOWS\system32\drivers\usb6xxxk.dll [2006-07-16 01:22]
        R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-08 17:58]
        R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 19:08]
        R3 nicdrk;nicdrk;C:\WINDOWS\system32\drivers\nicdrk.dll [2006-07-15 23:50]
        R3 nimdbgk;nimdbgk;C:\WINDOWS\system32\drivers\nimdbgk.dll [2006-07-13 10:34]
        R3 nimru2k;nimru2k;C:\WINDOWS\system32\drivers\nimru2k.dll [2006-07-13 11:58]
        R3 nimsdrk;nimsdrk;C:\WINDOWS\system32\drivers\nimsdrk.dll [2006-07-15 23:05]
        R3 nimstsk;nimstsk;C:\WINDOWS\system32\drivers\nimstsk.dll [2006-07-15 23:07]
        R3 nimxdfk;nimxdfk;C:\WINDOWS\system32\drivers\nimxdfk.dll [2006-07-13 11:30]
        R3 niorbk;niorbk;C:\WINDOWS\system32\drivers\niorbk.dll [2006-07-13 10:22]
        R3 niscdk;niscdk;C:\WINDOWS\system32\drivers\niscdk.dll [2006-07-15 23:42]
        R3 nisdigk;nisdigk;C:\WINDOWS\system32\drivers\nisdigk.dll [2006-07-16 01:22]
        R3 nitiork;nitiork;C:\WINDOWS\system32\drivers\nitiork.dll [2006-07-15 23:57]
        R3 ps_1394;ps_1394;C:\WINDOWS\system32\Drivers\ps_1394.sys [2004-10-14 14:33]
        R3 ps_avs;ps_avs;C:\WINDOWS\system32\Drivers\ps_avs.sys [2004-10-14 14:33]
        S3 AVCSTRM;AVC Streaming Filter Driver;C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2004-08-03 23:10]
        S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys [2006-11-03 12:03]
        S3 MPCSYS;MPCSYS;C:\WINDOWS\system32\DRIVERS\mpcsys.sys [2007-03-11 18:09]
        S3 MSTAPE;Microsoft AV/C Tape Subunit Device;C:\WINDOWS\system32\DRIVERS\mstape.sys [2004-08-03 23:10]
        S3 nidsark;nidsark;C:\WINDOWS\system32\drivers\nidsark.dll [2006-07-20 17:39]
        S3 niesrk;niesrk;C:\WINDOWS\system32\drivers\niesrk.dll [2006-07-20 17:50]
        S3 nimslk;nimslk;C:\WINDOWS\system32\drivers\nimslk.dll [2006-06-05 17:03]
        S3 nimsrlk;nimsrlk;C:\WINDOWS\system32\drivers\nimsrlk.dll [2006-06-05 17:03]
        S3 nipalusb;NI-PAL USB Driver;C:\WINDOWS\system32\DRIVERS\nipalusb.sys [2006-07-13 07:55]
        S3 nisftk;nisftk;C:\WINDOWS\system32\drivers\nisftk.dll [2006-07-15 23:39]
        S3 nismbusk;nismbusk;C:\WINDOWS\system32\drivers\nismbusk.sys [2006-07-18 08:51]
        S3 nispdk;nispdk;C:\WINDOWS\system32\drivers\nispdk.dll [2006-07-15 23:42]
        S3 nissrk;nissrk;C:\WINDOWS\system32\drivers\nissrk.dll [2006-07-20 17:50]
        S3 nistc2k;nistc2k;C:\WINDOWS\system32\drivers\nistc2k.dll [2006-06-05 23:21]
        S3 nistcrk;nistcrk;C:\WINDOWS\system32\drivers\nistcrk.dll [2006-07-15 23:57]
        S3 NiViFWK;NI-VISA FireWire Driver;C:\WINDOWS\system32\drivers\NiViFWK.sys [2006-07-14 10:57]
        S3 NiViPciK;NI-VISA PCI Driver;C:\WINDOWS\system32\drivers\NiViPciK.sys [2006-07-14 10:56]
        S3 NiViPxiK;NI-VISA PXI Driver;C:\WINDOWS\system32\drivers\NiViPxiK.sys [2006-07-14 10:56]
        S3 niwfrk;niwfrk;C:\WINDOWS\system32\drivers\niwfrk.dll [2006-07-20 17:50]
        S3 RDID1003;EDIROL UM-2;C:\WINDOWS\system32\Drivers\rdwm1003.sys [2005-06-03 19:35]
        S3 RDID1027;EDIROL PCR;C:\WINDOWS\system32\Drivers\rdwm1027.sys [2006-09-28 14:44]
        S3 s7oefs_x;SIMATIC MPI/EFS Driver;C:\WINDOWS\system32\drivers\s7oefs_x.sys [2000-03-28 09:05]
        S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2007-03-30 16:08]
        S4 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d72c80fd-351b-11db-95f5-000feab85129}]
        \Shell\AutoRun\command - K:\Autorun.exe

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6b6a020-8516-11db-96dd-000feab85129}]
        \Shell\AutoRun\command - J:\LaunchU3.exe -a

        .
        Inhoud van de 'Gedeelde Taken' map
        "2008-02-25 15:55:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-03-07 20:25:57
        Windows 5.1.2600 Service Pack 2 NTFS

        scannen van verborgen processen ...

        scannen van verborgen autostart items ...

        scannen van verborgen bestanden ...

        Scan succesvol afgerond
        verborgen bestanden: 0

        **************************************************************************
        .
        ------------------------ Other Running Processes ------------------------
        .
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\WINDOWS\system32\cisvc.exe
        C:\WINDOWS\system32\lkcitdl.exe
        C:\WINDOWS\system32\lkads.exe
        C:\WINDOWS\system32\lktsrv.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
        C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
        C:\WINDOWS\system32\nisvcloc.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\WINDOWS\system32\nipalsm.exe
        C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
        C:\WINDOWS\system32\nipalsm.exe
        C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
        C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\WINDOWS\system32\cidaemon.exe
        .
        **************************************************************************
        .
        Voltooingstijd: 2008-03-07 20:32:55 - machine was rebooted
        ComboFix-quarantined-files.txt 2008-03-07 19:32:50
        .
        2008-02-27 20:36:10 --- E O F ---

        Comment


        • #5
          Open the RVAXO folder on your desktop and double-click Uninstall.cmd
          This will remove everything belonging to RVAXO.

          Your Java software is outdated.
          Older versions have vulnerabilities that give malware the chance to install itself on your system.
          First follow these steps to uninstall Java and install the newer version:
          • Download Java Runtime Environment (JRE) 6u5 and save it to your desktop.
          • Close all programs that may be open, especially your web browser!
          • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
          • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
          • Then click Remove or the Change/Remove button.
          • Repeat this until all older versions are gone.
          • After removing all older versions, restart your PC.
          • Then double-click jre-6u5-windows-i586-p-s.exe on your desktop to install the newest version of Java.


          Download ATF cleaner (mirror) (made by Atribune)

          Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

          Double-click ATF cleaner to start the program.
          On the "Main" tab, place a check mark next to Select All.
          Click the Empty Selected button.

          Do the following if you also use Firefox as a browser:
          Click the "Firefox" tab and place a check mark next to Select All.
          If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
          (this removes the check mark next to "Firefox saved passwords" again)
          Click the Empty Selected button.

          Do the following if you also use Opera as a browser:
          Click the "Opera" tab and place a check mark next to Select All.
          If you want to keep the passwords saved by Opera, click "No" in the window that appears.
          Click the Empty Selected button.
          Go to the "Main" tab and click the Exit button to close the program.

          Go to Start - Run and enter the following:
          Combofix /U
          Then press OK.
          Note: There must be a space between Combofix and /U.

          This will uninstall Combofix.

          Finally, post a new HijackThis log so we can check it

          Comment


          • #6
            Thanks a lot already; if I took my PC into a shop with a problem like this, they would be guaranteed to wipe everything off my disk and reinstall everything. Then you end up even further behind, I think.

            This is the log after carrying out all the instructions:

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 23:24:59, on 7/03/2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16608)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\lkcitdl.exe
            C:\WINDOWS\system32\lkads.exe
            C:\WINDOWS\system32\lktsrv.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
            C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
            C:\Program Files\National Instruments\MAX\nimxs.exe
            C:\WINDOWS\system32\nicitdl5.exe
            C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
            C:\WINDOWS\system32\nisvcloc.exe
            C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
            C:\WINDOWS\system32\PnkBstrA.exe
            C:\WINDOWS\system32\slserv.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
            C:\Program Files\Common Files\Real\Update_OB\realsched.exe
            C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Windows Live\Messenger\msnmsgr.exe
            C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
            C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
            C:\WINDOWS\system32\nipalsm.exe
            C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
            C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
            C:\WINDOWS\system32\ZoneLabs\vsmon.exe
            C:\Program Files\Windows Live\Messenger\usnsvc.exe
            C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
            C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
            C:\WINDOWS\system32\msiexec.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://extra.khk.be/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: PBBENLV2 - {4E7BD74F-2B8D-469E-A0E8-F362B197B82D} - C:\WINDOWS\system32\pbbenlv2.dll (file missing)
            O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O3 - Toolbar: PBBENLV2 - {4E7BD74F-2B8D-469E-A0E8-F362B197B82D} - C:\WINDOWS\system32\pbbenlv2.dll (file missing)
            O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
            O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
            O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC"
            O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName"
            O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
            O4 - HKLM\..\Run: [dbservices] scm -Silent 1 -Action 1 -Service mssqlserver
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
            O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\microsoft office\Office12\ONENOTEM.EXE
            O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
            O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
            O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
            O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\benl.htm
            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dentish.spaces.live.com//PhotoUpload/MsnPUpld.cab
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187726370703
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187726337828
            O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://dentish.spaces.live.com/PhotoUpload/MsnPUpld.cab
            O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
            O20 - Winlogon Notify: awtttqn - awtttqn.dll (file missing)
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
            O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
            O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
            O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
            O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
            O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
            O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
            O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
            O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
            O23 - Service: National Instruments Citadel (NICitadel5Service) - National Instruments, Inc. - C:\WINDOWS\system32\nicitdl5.exe
            O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
            O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
            O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
            O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
            O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
            O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
            O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
            O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
            O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
            O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
            O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

            --
            End of file - 10698 bytes

            Everything now also seems to run muuuuuch more smoothly, except for one thing:
            When Windows starts up, while the icons at the bottom right appear one by one, the PC stops for about a minute. The processor is apparently busy with something, because I hear the cooling blow harder for a while, but meanwhile the PC really does nothing. Once that is over, there is no further problem and everything seems fine. I have no idea what causes this, and in itself it is not much of a problem, but it really should not happen...

            Comment


            • #7
              Start HijackThis once more and place a check mark only next to the following lines:
              O2 - BHO: PBBENLV2 - {4E7BD74F-2B8D-469E-A0E8-F362B197B82D} - C:\WINDOWS\system32\pbbenlv2.dll (file missing)
              O3 - Toolbar: PBBENLV2 - {4E7BD74F-2B8D-469E-A0E8-F362B197B82D} - C:\WINDOWS\system32\pbbenlv2.dll (file missing)
              O20 - Winlogon Notify: awtttqn - awtttqn.dll (file missing)

              Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

              Download Dial-a-fix-2006 and extract both files, each into its own folder, to your desktop.
              • In the folder Dial-a-fix-v0.60.0.24, double-click Dial-a-fix.exe
                In the window that opens, click the icon with the double green check mark at the bottom (check all).
                Then click "GO" and let the tool restore all settings.
                When it has finished, close this window by clicking "Exit" at the bottom.
              Does that improve things?

              Comment
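The selection made in post #7, as an added example that is not part of the original thread: a small parser that pulls the "(file missing)" entries out of a HijackThis log and lists leftover references in the DLL load points O2, O3 and O20 first. The sample lines are copied from the log in post #6; the function names and the ordering rule are assumptions of this example.

```python
import re
from collections import defaultdict

# A subset of the HijackThis log posted in post #6 (copied from the thread).
SAMPLE_LOG = r"""
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: PBBENLV2 - {4E7BD74F-2B8D-469E-A0E8-F362B197B82D} - C:\WINDOWS\system32\pbbenlv2.dll (file missing)
O3 - Toolbar: PBBENLV2 - {4E7BD74F-2B8D-469E-A0E8-F362B197B82D} - C:\WINDOWS\system32\pbbenlv2.dll (file missing)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O20 - Winlogon Notify: awtttqn - awtttqn.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# "<section code> - <body>", optionally followed by HijackThis' "(file missing)" flag.
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d+) - (?P<body>.*?)(?P<missing> \(file missing\))?$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Sections whose DLLs are loaded into another process (Internet Explorer or
# Winlogon). Assumption of this example: leftovers here are reviewed first.
IN_PROCESS_SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O20": "Winlogon Notify",
}


def _target(code, body):
    """Return the file or command an entry points to."""
    if code == "O4" and "] " in body:       # O4 - <hive>\..\Run: [name] command line
        return body.split("] ", 1)[1]
    return body.rsplit(" - ", 1)[-1]        # the other sections shown end in " - <file>"


def parse_entries(log_text):
    """Turn the entry lines of a HijackThis log into dictionaries."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                          # header, process list, blank line
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "target": _target(m.group("code"), body),
            "clsid": clsid.group(0).upper() if clsid else None,
            "missing": m.group("missing") is not None,
            "line": line,
        })
    return entries


def orphaned_references(entries):
    """Map each missing file to the sections that still reference it."""
    by_target = defaultdict(list)
    for e in entries:
        if e["missing"]:
            by_target[e["target"].lower()].append(e["code"])
    return dict(by_target)


def triage(entries):
    """Split '(file missing)' lines into DLL load points and everything else."""
    first, later = [], []
    for e in entries:
        if e["missing"]:
            (first if e["code"] in IN_PROCESS_SECTIONS else later).append(e["line"])
    return first, later


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    first, later = triage(parsed)
    print("Leftover references in DLL load points (O2/O3/O20):")
    for line in first:
        print("  " + line)
    print("Other '(file missing)' entries:")
    for line in later:
        print("  " + line)
    for target, codes in orphaned_references(parsed).items():
        print(f"{target}: still referenced from {', '.join(codes)}")
```

On the sample, the first group holds the same three lines that post #7 asks to check; the "(file missing)" flag only says HijackThis did not find the file at scan time, so each line still needs a human look before "Fix checked".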


              • #8
                The PC does start up faster, but the problem remains. It really seems as if the PC 'hangs' for a moment and then, after a minute, suddenly carries on as if nothing is wrong. In the meantime the fan is cooling as hard as it can. Now, I am not really making a problem of this as long as it stays at this. So if you do not immediately know a solution, this can be closed here as far as I am concerned. I am already extremely pleased that the PC works properly again; I think it was really on the verge of no longer starting up... Apart from that startup problem, everything is back in order. Thank you for this!!!

                Comment


                • #9
                  You're welcome

                  The last problem does not seem malware-related to me; for problems like that we have a special section:

                  You can ask your question again there if you like

                  Comment


                  • #10
                    Should you ever come across my problem again, it is apparently caused by ZoneAlarm. ZoneAlarm's own forum is apparently full of similar reports.

                    Comment


                    • #11
                      Thanks for letting us know

                      Comment
