Krijg zo nu en dan eens een foutmelding bij opstarten pc.

ftp://users.pandora.be/Clioke16V/ndt2%20foutmelding.JPG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:35, on 3/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Beveiligings Software\AdAware2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Games\Xfire2\xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\BEVEIL~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\BEVEIL~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\BEVEIL~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Beveiligings Software\AdAware2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe

--
End of file - 8429 bytes

Hallo en welkom,


Download: RVAXO.exe (http://home.hetnet.nl/~stefsmeenk/RVAXO.exe)
Sla het bestand op je bureaublad op, daarna mag je het dubbelklikken.
Je kunt het programma laten uitpakken naar je bureaublad.
Open nu de map RVAXO op je bureaublad en dubbelklik RVAXO.cmd
Er zal een schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze zijn werk doen.

Daarna zal je PC herstarten, na de herstart opent het venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent.
Deze is eventueel ook hier te vinden: C:\RVAXO-results.log
Post de inhoud in je volgende bericht tesamen met een nieuw logje van HijackThis.

Herstart je PC niet?

Laat RVAXO nog een keer lopen en post dan het nieuwe logje: C:\rvaxo-results.log

plaats ook een nieuw HJT logje

HIJACK

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:17, on 4/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Beveiligings Software\AdAware2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
D:\Games\NFSPS\PB\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\BEVEIL~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\BEVEIL~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\BEVEIL~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Beveiligings Software\AdAware2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\Games\NFSPS\PB\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe

--
End of file - 8167 bytes


----------------RVAXO.exe first run-------------

Files found:

C:\WINDOWS\system32\perfs.exe

Uninstallers Rogue scanners:


Folders Found:


Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Files found:

Folders Found:

--------------RVAXO.exe finished----------------

Download Combofix (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) naar je Bureaublad.
Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

Dubbelklik op Combofix.exe
Volg de instructies, aanvaard de disclaimer door 1 (continue) te typen, gevolgd door ENTER.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post samen met een nieuw HijackThis log.

ComboFix 08-01-06.3 - Kvn 2008-01-05 20:23:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.32.1043.18.1513 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Kvn\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
.

2008-01-05 20:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 04:47 . 2008-01-05 04:47 <DIR> dr-h----- C:\Documents and Settings\Kvn\Onlangs geopend
2008-01-05 04:41 . 2003-12-17 14:38 97,848 --a------ C:\WINDOWS\system32\bass.dll
2008-01-05 03:07 . 2008-01-05 03:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies
2008-01-04 23:09 . 2008-01-04 23:10 <DIR> d-------- C:\RVAXO
2008-01-04 21:21 . 2008-01-04 21:21 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-01-04 21:20 . 2008-01-04 20:53 589,745 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-01-04 21:20 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2008-01-04 21:10 . 2008-01-04 21:10 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-01-04 00:43 . 2008-01-04 00:43 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_010 05.Wdf
2008-01-04 00:39 . 2008-01-04 00:39 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2008-01-03 22:42 . 2008-01-03 22:42 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-31 04:08 . 2007-12-31 04:08 53,248 --a------ C:\WINDOWS\system32\suppdll.dll
2007-12-31 04:08 . 2008-01-02 04:17 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2007-12-29 20:26 . 2007-12-29 20:26 <DIR> d-------- C:\Documents and Settings\Kvn\Application Data\ImgBurn
2007-12-29 18:41 . 2007-12-29 18:41 <DIR> d-------- C:\Program Files\Western Digital Technologies
2007-12-29 18:39 . 2007-12-29 18:39 <DIR> d-------- C:\WINDOWS\Cache
2007-12-20 01:24 . 2007-12-20 01:24 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-20 01:24 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-20 01:24 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-20 01:24 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-20 01:24 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-20 01:24 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-20 01:24 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-20 01:24 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-20 01:08 . 2007-12-24 20:39 253,440 --a------ C:\WINDOWS\system32\ndt2.sys
2007-12-20 01:08 . 2007-12-20 01:08 45,056 --a------ C:\WINDOWS\system32\Indt2.sys
2007-12-20 01:08 . 2007-12-20 01:08 32,256 --a------ C:\WINDOWS\system32\routing.exe
2007-12-20 01:08 . 2007-12-20 01:08 40 --a------ C:\WINDOWS\system32\drmgs.sys
2007-12-19 02:51 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-19 02:51 . 2001-09-06 19:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-19 02:44 . 2007-12-19 02:44 <DIR> d-------- C:\Documents and Settings\Kvn\Application Data\Logitech
2007-12-19 02:42 . 2007-12-19 02:42 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2007-12-19 02:42 . 2007-12-19 02:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-19 02:42 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2007-12-19 02:42 . 2007-11-15 10:07 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2007-12-19 02:42 . 2007-11-15 10:07 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-12-19 02:42 . 2007-11-15 10:07 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-12-19 02:42 . 2007-11-15 10:07 76,304 --a------ C:\WINDOWS\system32\KemXML.dll
2007-12-19 02:20 . 2007-12-19 02:20 <DIR> d-------- C:\Program Files\Belkin
2007-12-19 02:20 . 2005-01-19 11:01 1,396,831 --a------ C:\WINDOWS\system32\AegisE5.dll
2007-12-19 02:20 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-12-19 02:20 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\F5D7051.dll
2007-12-19 02:20 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2007-12-19 02:20 . 2004-03-30 16:57 29,184 --a------ C:\WINDOWS\system32\drivers\RNDISMPK.sys
2007-12-19 02:20 . 2007-12-19 02:20 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-12-19 02:20 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2007-12-19 02:20 . 2004-03-30 16:57 13,824 --a------ C:\WINDOWS\system32\drivers\usb8023k.sys
2007-12-17 00:10 . 2007-12-17 23:57 <DIR> d-------- C:\Documents and Settings\Kvn\Application Data\Ventrilo
2007-12-16 00:03 . 2007-12-20 01:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-11 19:47 . 2007-12-11 19:47 <DIR> d-------- C:\Documents and Settings\Kvn\Application Data\THQ
2007-12-08 22:06 . 2007-12-08 22:06 <DIR> d-------- C:\Program Files\IBoot
2007-12-08 21:59 . 2007-12-08 21:59 <DIR> d-------- C:\My Audio
2007-12-08 21:48 . 2007-12-20 01:43 <DIR> d-------- C:\Program Files\Mio Technology
2007-12-08 03:26 . 2007-12-08 03:26 <DIR> d-------- C:\Program Files\Activision

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-01-05 02:45 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-05 02:45 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-05 02:45 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-04 22:14 --------- d-----w C:\Documents and Settings\Kvn\Application Data\Kingston
2008-01-04 22:02 --------- d-----w C:\Documents and Settings\Kvn\Application Data\Xfire
2008-01-04 20:23 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-01-04 20:23 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-01-04 20:11 22,328 ----a-w C:\Documents and Settings\Kvn\Application Data\PnkBstrK.sys
2008-01-04 00:19 --------- d-----w C:\Documents and Settings\Kvn\Application Data\Corel
2008-01-03 23:51 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-03 23:39 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-01-03 00:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 00:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-01-02 00:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-31 17:10 --------- d-----w C:\Documents and Settings\Kvn\Application Data\DVD Profiler
2007-12-28 19:43 --------- d-----w C:\Documents and Settings\Kvn\Application Data\LimeWire
2007-12-28 19:34 --------- d-----w C:\Documents and Settings\Kvn\Application Data\XnView
2007-12-19 01:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 01:42 --------- d-----w C:\Program Files\Logitech
2007-12-19 01:35 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-08 20:47 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-02 22:41 --------- d-----w C:\Documents and Settings\Kvn\Application Data\Ashampoo
2007-12-02 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
2007-11-27 19:26 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-27 19:16 769,536 ----a-w C:\Documents and Settings\Kvn\Application Data\sfdnwin.dll
2007-11-27 18:50 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 01:17 --------- d-----w C:\Program Files\ISP Monitor
2007-11-10 01:17 --------- d-----w C:\Documents and Settings\Kvn\Application Data\ISP Monitor
2007-11-08 22:48 --------- d-----w C:\Documents and Settings\Kvn\Application Data\ESET
2007-11-08 22:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 19:32 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-10-24 18:20 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-24 18:20 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-24 18:20 8,527,872 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-24 18:20 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-24 18:20 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-24 18:20 6,541,312 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-24 18:20 5,767,936 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-24 18:20 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-24 18:20 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-24 18:20 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-24 18:20 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-24 18:20 380,928 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-24 18:20 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-10-24 18:20 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-24 18:20 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-24 18:20 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-24 18:20 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-24 18:20 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-24 18:20 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-24 18:20 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-24 18:20 2,486,272 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-24 18:20 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-24 18:20 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-24 18:20 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-24 18:20 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-24 18:20 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-24 18:20 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-10-24 18:20 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-24 18:20 1,212,416 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-24 18:20 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-10-20 20:38 464,935 ----a-w C:\WINDOWS\leela bond-high.exe
2007-10-20 20:36 297,878 ----a-w C:\WINDOWS\Walkies.exe
2007-10-20 20:35 330,459 ----a-w C:\WINDOWS\el-chupenebre.exe
2007-10-20 20:32 317,986 ----a-w C:\WINDOWS\Futurama Warp.exe
2007-10-20 20:32 28,672 ----a-w C:\WINDOWS\kmouse32.dll
2007-10-12 22:19 13,653,824 ----a-w C:\WINDOWS\system32\xlivefnt.dll
2007-10-12 22:19 10,155,840 ----a-w C:\WINDOWS\system32\xlive.dll
2007-10-07 23:41 532,480 ----a-w C:\WINDOWS\system32\briblo.scr
2007-10-07 23:40 532,480 ----a-w C:\WINDOWS\system32\FLIQLO.scr
2007-05-19 19:51 472,656 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2007-05-19 19:56 88 --sh--r C:\WINDOWS\system32\7535FC3251.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 13:20 81920]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 12:53 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-24 19:20 8527872]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

C:\Documents and Settings\Kvn\Menu Start\Programma's\Opstarten\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-10-29 10:37:29]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-19 02:42:46]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ WinCinema Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Kvn^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Kvn^Menu Start^Programma's^Opstarten^Muis- en toetsenbordinstellingen van Logitech.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Kvn^Menu Start^Programma's^Opstarten^Xfire.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
--a------ 2006-03-20 20:43 331776 C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
--a------ 2006-11-14 14:25 363008 C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-05-24 05:20 17920 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-05-24 05:20 18944 C:\WINDOWS\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
--a------ 2003-09-11 04:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISPMonitor]
--a------ 2007-11-04 23:42 441680 C:\Program Files\ISP Monitor\isp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
-r------- 2006-06-02 09:45 385024 C:\WINDOWS\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-03-14 20:01 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-08-04 00:03 33792 C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-04-04 13:20 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-10-24 19:20 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-10-24 19:20 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 01:08 2512392 C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 14:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 20:01 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-05-28 09:14 528384 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 15:46 1460560 D:\Beveiligings Software\Spybot - Search & Destroy15\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 00:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 20:37]
R2 ISPMonitorSrv;ISP Monitor;C:\Program Files\ISP Monitor\ISPMonitorSrv.exe [2007-07-05 20:27]
R2 perfmons;perfmons Service;C:\WINDOWS\system32\perfs.exe [2001-09-07 12:00]
R2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe [2007-12-20 01:08]
R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:03]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-05-24 04:40]
S2 NvNdis;NVIDIA NDIS IO Control Driver;C:\WINDOWS\system32\Drivers\NvNdis.sys []
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 05:28]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;D:\Beveiligings Software\EVEREST Ultimate Edition\kerneld.wnt [2007-04-04 23:00]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-04 00:39]
S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys []
S3 LUsbKbd;SetPoint USB Keyboard Filter;C:\WINDOWS\system32\Drivers\LUsbKbd.Sys [2006-07-19 11:28]
S3 mfpdrv;mfpdrv;C:\Program Files\MFP Server Utilities\mfpdrv.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 WUSBVBus;MFP Server Detector;C:\WINDOWS\system32\DRIVERS\mfpvbus.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{40fd94a8-fe17-11db-a1b6-001150c638b1}]
\Shell\AutoRun\command - I:\PortableApps\PortableAppsMenu\PortableAppsMenu. exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5e220aca-e812-11db-a16d-001150c638b1}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{cce27d3a-18f7-11dc-a246-001150c638b1}]
\Shell\AutoRun\command - G:\PortableApps\PortableAppsMenu\PortableAppsMenu. exe

*Newly Created Service* - PROCEXP90
.
Inhoud van de 'Gedeelde Taken' map
"2008-01-03 00:41:26 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- D:\Beveiligings Software\TuneUp\SystemOptimizer.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 20:25:45
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
Voltooingstijd: 2008-01-06 20:26:21
.
2008-01-05 03:21:00 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:56, on 6/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Beveiligings Software\AdAware2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\BEVEIL~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\BEVEIL~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\BEVEIL~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Beveiligings Software\AdAware2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe

--
End of file - 8327 bytes


( net na scannen van combofix kreeg ik opnieuw die foutmelding* )

EDIT : is het ook normaal dat die nu voor elk programma dat gebruik maakt van internet ook terug de meldig gaat geven van > blijven blokeren, blokering opheffen ?

m'n msn, mirc, en Xfire gaf hij deze melding al.

Wat geeft die melding van blokkeren ?



Open Kladblok, kopieer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster:

File::
C:\Windows\System32\ndt2.sys
C:\Windows\System32\Indt2.sys
C:\WINDOWS\system32\drmgs.sys
C:\Windows\System32\routing.exe
C:\Windows\system32\perfs.exe



Driver::
perfmons
Routing




Sla dit op op je Bureaublad als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Dit zal ComboFix doen herstarten.

Na het herstarten van je computer, (indien het vraagt om te herstarten), kopieer en plak de inhoud van Combofix.txt in je volgende antwoord.



Plaats ook een nieuw HJT logje aub

ComboFix 08-01-06.3 - Kvn 2008-01-07 17:38:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1555 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Kvn\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kvn\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

FILE
C:\WINDOWS\system32\drmgs.sys
C:\Windows\System32\Indt2.sys
C:\Windows\System32\ndt2.sys
C:\Windows\system32\perfs.exe
C:\Windows\System32\routing.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drmgs.sys
C:\Windows\System32\Indt2.sys
C:\Windows\System32\ndt2.sys
C:\Windows\system32\perfs.exe
C:\Windows\System32\routing.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_PERFMONS
-------\LEGACY_ROUTING
-------\perfmons
-------\Routing


(((((((((((((((((((( Bestanden Gemaakt van 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))
.

2008-01-05 20:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 04:47 . 2008-01-07 17:38 <DIR> dr-h----- C:\Documents and Settings\Kvn\Onlangs geopend
2008-01-05 04:41 . 2003-12-17 14:38 97,848 --a------ C:\WINDOWS\system32\bass.dll
2008-01-05 03:07 . 2008-01-05 03:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies
2008-01-04 23:09 . 2008-01-04 23:10 <DIR> d-------- C:\RVAXO
2008-01-04 21:21 . 2008-01-04 21:21 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-01-04 21:20 . 2008-01-04 20:53 589,745 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-01-04 21:20 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2008-01-04 21:10 . 2008-01-04 21:10 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-01-04 00:43 . 2008-01-04 00:43 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_010 05.Wdf
2008-01-04 00:39 . 2008-01-04 00:39 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2008-01-03 22:42 . 2008-01-03 22:42 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-31 04:08 . 2007-12-31 04:08 53,248 --a------ C:\WINDOWS\system32\suppdll.dll
2007-12-31 04:08 . 2008-01-02 04:17 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2007-12-29 20:26 . 2007-12-29 20:26 <DIR> d-------- C:\Documents and Settings\Kvn\Application Data\ImgBurn
2007-12-29 18:41 . 2007-12-29 18:41 <DIR> d-------- C:\Program Files\Western Digital Technologies
2007-12-29 18:39 . 2007-12-29 18:39 <DIR> d-------- C:\WINDOWS\Cache
2007-12-20 01:24 . 2007-12-20 01:24 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-20 01:24 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-20 01:24 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-20 01:24 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-20 01:24 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-20 01:24 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-20 01:24 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-20 01:24 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-19 02:51 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-19 02:51 . 2001-09-06 19:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-19 02:44 . 2007-12-19 02:44 <DIR> d-------- C:\Documents and Settings\Kvn\Application Data\Logitech
2007-12-19 02:42 . 2007-12-19 02:42 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2007-12-19 02:42 . 2007-12-19 02:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-19 02:42 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2007-12-19 02:42 . 2007-11-15 10:07 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2007-12-19 02:42 . 2007-11-15 10:07 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-12-19 02:42 . 2007-11-15 10:07 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-12-19 02:42 . 2007-11-15 10:07 76,304 --a------ C:\WINDOWS\system32\KemXML.dll
2007-12-19 02:20 . 2007-12-19 02:20 <DIR> d-------- C:\Program Files\Belkin
2007-12-19 02:20 . 2005-01-19 11:01 1,396,831 --a------ C:\WINDOWS\system32\AegisE5.dll
2007-12-19 02:20 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-12-19 02:20 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\F5D7051.dll
2007-12-19 02:20 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2007-12-19 02:20 . 2004-03-30 16:57 29,184 --a------ C:\WINDOWS\system32\drivers\RNDISMPK.sys
2007-12-19 02:20 . 2007-12-19 02:20 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-12-19 02:20 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2007-12-19 02:20 . 2004-03-30 16:57 13,824 --a------ C:\WINDOWS\system32\drivers\usb8023k.sys
2007-12-17 00:10 . 2007-12-17 23:57 <DIR> d-------- C:\Documents and Settings\Kvn\Application Data\Ventrilo
2007-12-16 00:03 . 2007-12-20 01:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-11 19:47 . 2007-12-11 19:47 <DIR> d-------- C:\Documents and Settings\Kvn\Application Data\THQ
2007-12-08 22:06 . 2007-12-08 22:06 <DIR> d-------- C:\Program Files\IBoot
2007-12-08 21:59 . 2007-12-08 21:59 <DIR> d-------- C:\My Audio
2007-12-08 21:48 . 2007-12-20 01:43 <DIR> d-------- C:\Program Files\Mio Technology
2007-12-08 03:26 . 2007-12-08 03:26 <DIR> d-------- C:\Program Files\Activision

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-01-06 21:01 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-04 22:14 --------- d-----w C:\Documents and Settings\Kvn\Application Data\Kingston
2008-01-04 22:02 --------- d-----w C:\Documents and Settings\Kvn\Application Data\Xfire
2008-01-04 20:11 22,328 ----a-w C:\Documents and Settings\Kvn\Application Data\PnkBstrK.sys
2008-01-04 00:19 --------- d-----w C:\Documents and Settings\Kvn\Application Data\Corel
2008-01-03 23:51 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-03 23:39 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-01-03 00:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 00:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-01-02 00:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-31 17:10 --------- d-----w C:\Documents and Settings\Kvn\Application Data\DVD Profiler
2007-12-28 19:43 --------- d-----w C:\Documents and Settings\Kvn\Application Data\LimeWire
2007-12-28 19:34 --------- d-----w C:\Documents and Settings\Kvn\Application Data\XnView
2007-12-19 01:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 01:42 --------- d-----w C:\Program Files\Logitech
2007-12-19 01:35 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-08 20:47 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-02 22:41 --------- d-----w C:\Documents and Settings\Kvn\Application Data\Ashampoo
2007-12-02 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
2007-11-27 19:26 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-27 19:16 769,536 ----a-w C:\Documents and Settings\Kvn\Application Data\sfdnwin.dll
2007-11-27 18:50 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 01:17 --------- d-----w C:\Program Files\ISP Monitor
2007-11-10 01:17 --------- d-----w C:\Documents and Settings\Kvn\Application Data\ISP Monitor
2007-11-08 22:48 --------- d-----w C:\Documents and Settings\Kvn\Application Data\ESET
2007-11-08 22:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2007-10-20 20:38 464,935 ----a-w C:\WINDOWS\leela bond-high.exe
2007-10-20 20:36 297,878 ----a-w C:\WINDOWS\Walkies.exe
2007-10-20 20:35 330,459 ----a-w C:\WINDOWS\el-chupenebre.exe
2007-10-20 20:32 317,986 ----a-w C:\WINDOWS\Futurama Warp.exe
2007-10-20 20:32 28,672 ----a-w C:\WINDOWS\kmouse32.dll
2007-05-19 19:51 472,656 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2007-05-19 19:56 88 --sh--r C:\WINDOWS\system32\7535FC3251.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-06_20.25.48,71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-01-05 02:45:47 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
+ 2008-01-06 21:01:13 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
+ 2008-01-07 16:43:13 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5a4.dat
+ 2008-01-07 16:42:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_73c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 13:20 81920]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 12:53 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-24 19:20 8527872]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

C:\Documents and Settings\Kvn\Menu Start\Programma's\Opstarten\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-10-29 10:37:29]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-19 02:42:46]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ WinCinema Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Kvn^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Kvn^Menu Start^Programma's^Opstarten^Muis- en toetsenbordinstellingen van Logitech.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Kvn^Menu Start^Programma's^Opstarten^Xfire.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
--a------ 2006-03-20 20:43 331776 C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
--a------ 2006-11-14 14:25 363008 C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-05-24 05:20 17920 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-05-24 05:20 18944 C:\WINDOWS\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
--a------ 2003-09-11 04:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISPMonitor]
--a------ 2007-11-04 23:42 441680 C:\Program Files\ISP Monitor\isp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
-r------- 2006-06-02 09:45 385024 C:\WINDOWS\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-03-14 20:01 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-08-04 00:03 33792 C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-04-04 13:20 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-10-24 19:20 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-10-24 19:20 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 01:08 2512392 C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 14:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 20:01 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-05-28 09:14 528384 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 15:46 1460560 D:\Beveiligings Software\Spybot - Search & Destroy15\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 00:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 20:37]
R2 ISPMonitorSrv;ISP Monitor;C:\Program Files\ISP Monitor\ISPMonitorSrv.exe [2007-07-05 20:27]
R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:03]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-05-24 04:40]
S2 NvNdis;NVIDIA NDIS IO Control Driver;C:\WINDOWS\system32\Drivers\NvNdis.sys []
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 05:28]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;D:\Beveiligings Software\EVEREST Ultimate Edition\kerneld.wnt [2007-04-04 23:00]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-04 00:39]
S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys []
S3 LUsbKbd;SetPoint USB Keyboard Filter;C:\WINDOWS\system32\Drivers\LUsbKbd.Sys [2006-07-19 11:28]
S3 mfpdrv;mfpdrv;C:\Program Files\MFP Server Utilities\mfpdrv.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 WUSBVBus;MFP Server Detector;C:\WINDOWS\system32\DRIVERS\mfpvbus.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{40fd94a8-fe17-11db-a1b6-001150c638b1}]
\Shell\AutoRun\command - I:\PortableApps\PortableAppsMenu\PortableAppsMenu. exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5e220aca-e812-11db-a16d-001150c638b1}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{cce27d3a-18f7-11dc-a246-001150c638b1}]
\Shell\AutoRun\command - G:\PortableApps\PortableAppsMenu\PortableAppsMenu. exe

.
Inhoud van de 'Gedeelde Taken' map
"2008-01-03 00:41:26 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- D:\Beveiligings Software\TuneUp\SystemOptimizer.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 17:43:16
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
Voltooingstijd: 2008-01-07 17:44:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-07 16:43:43
ComboFix2.txt 2008-01-06 19:26:22
.
2008-01-05 03:21:00 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:35, on 7/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Beveiligings Software\AdAware2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\BEVEIL~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\BEVEIL~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\BEVEIL~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Beveiligings Software\AdAware2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 8113 bytes

Hoe gaat het nu ??

Nu vroeg hij terug van die blokering opheffen etc... ( windows firewall ), dit is geen probleem want ik hoef ook maar 1 enkel keer op toestaan drukken.

De fout heb ik nog niet gehad sinds vorige keer.

Hou deze nog ff open en ik laat later deze week nog iets van me horen hier.

Alvast bedankt voor al de moeite.

ps > wat heb ik nu feitelijk allemaal moeten doen in mensentaal?

of wat scheelde er. ( als het een te groot antwoord is > negeer gewoon :D )

Na het gebruik van RVAXO zal een bestand met de naam Uninstall.cmd in de map RVAXO op het bureaublad staan.
Dubbelklikken van dat bestand zal alles van RVAXO verwijderen(mits het op het bureaublad is opgeslagen)


Je mag alle gebruikte tools en aangemaakte mappen terug verwijderen.

Verwijder de volgende map:
C:\Qoobox\


Verwijder ComboFix via Start > Uitvoeren, kopiëer en plak Combofix /U, kies optie 2 en Enter.
Dit verwijdert zowel ComboFix, als je oude systeemherstelpunten (met eventuele restanten van malware), en maakt een nieuw systeemherstelpunt aan.

http://i78.photobucket.com/albums/j116/amateur_photos/CFuninstall.png

ok, alles is al delete.

Ik hou u zeker op de hoogte moest de fout zich nog voortdoen.

alle sinds bedankt voor de moeite en tijd.

Geen probleem hoor. Graag gedaan.:good:

Mag gesloten worden, heb foutmelding niet meer gezien.

bedankt makker !