
Hello, I can't get a virus off my computer

bartvanbeek
10 replies
  • Hello, my computer keeps sending spam mail all the time. I have tried all sorts of things but can't get rid of it. Who can help me?
    I downloaded Kaspersky Anti-Virus and it gives this message:
    24-1-2008 12:08:35 C:\WINDOWS\system32\svchost.exe Opdringerig proces: C:\WINDOWS\system32\svchost.exe Process ID (PID): 1276 Poging tot innesteling in proces: C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe Process ID (PID): 3568





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:14:45, on 24-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\FinePixViewer\QuickDCF2.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/webhp?sourceid=navclient&hl=nl&ie=UTF-8
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\qwinmldq.exe P2D002
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [{23-3B-B8-83-ZN}] C:\windows\system32\kldsrngo.exe P2D002
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 2.1 .lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Exif Launcher 2.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Anti-Virus voor internet statistieken - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O23 - Service: Kaspersky Anti Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    End of file - 11446 bytes


    If anyone can help me, I would be very happy.





  • Morning,


    First carry out the following actions:
    Click Start -> (Settings) -> Control Panel -> Add or Remove Programs and remove the following program:
    Enhanced Ads by Think-Adz removal
    Think-Adz Search Assistant removal

    Restart the computer.
  • Temporarily disable Spybot's TeaTimer, because it can get in the way of the fix:
    - Start Spybot
    - Go to Mode > select Advanced Mode
    - Go to Tools and click the Resident icon in the list
    - Untick Resident TeaTimer and click OK
    - Restart the computer

    Then download ResetTeaTimer.bat to your Desktop.
    Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.
    Once the computer is clean, you can turn TeaTimer back on.

    Download Combofix to your Desktop.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
    - Double-click Combofix.exe
    - Follow the instructions, accept the disclaimer by typing 1 (continue), followed by ENTER.
    - While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.
  • Hello, I did the things that were in the replies,

    and this is the log from Combofix and from HijackThis.
    Thanks in advance for the help.

    ComboFix 08-01-23.1C - HP_Administrator 2008-01-27 12:14:54.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.361 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\5OJ8LS61\ComboFix[1].exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\Autorun.inf

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-27 to 2008-01-27 ))))))))))))))))))))))))))))))
    .

    2008-01-26 17:15 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-23 21:18 . 2008-01-27 12:25 0 --a------ C:\WINDOWS\system.ini
    2008-01-23 12:45 . 2008-01-23 12:47 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-01-22 17:06 . 2008-01-27 12:24 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-01-22 17:06 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-22 17:06 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-22 17:06 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-01-22 17:06 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-01-21 16:03 . 2008-01-21 16:03 <DIR> d-------- C:\Program Files\Common Files\Application
    2008-01-21 16:03 . 2008-01-21 16:03 <DIR> d-------- C:\Program Files\Common Files\Ankiro
    2008-01-21 16:02 . 2008-01-27 12:08 <DIR> d-------- C:\Program Files\SPAMfighter
    2008-01-18 12:31 . 2008-01-18 12:31 <DIR> d-------- C:\Program Files\Trend Micro
    2008-01-17 15:58 . 2008-01-17 15:58 244 --ah----- C:\sqmnoopt19.sqm
    2008-01-17 15:58 . 2008-01-17 15:58 232 --ah----- C:\sqmdata19.sqm
    2008-01-17 15:56 . 2008-01-17 15:56 244 --ah----- C:\sqmnoopt18.sqm
    2008-01-17 15:56 . 2008-01-17 15:56 232 --ah----- C:\sqmdata18.sqm
    2008-01-17 15:55 . 2008-01-17 15:55 244 --ah----- C:\sqmnoopt17.sqm
    2008-01-17 15:55 . 2008-01-17 15:55 232 --ah----- C:\sqmdata17.sqm
    2008-01-17 15:42 . 2008-01-17 15:42 244 --ah----- C:\sqmnoopt16.sqm
    2008-01-17 15:42 . 2008-01-17 15:42 232 --ah----- C:\sqmdata16.sqm
    2008-01-16 20:41 . 2008-01-16 20:41 244 --ah----- C:\sqmnoopt15.sqm
    2008-01-16 20:41 . 2008-01-16 20:41 244 --ah----- C:\sqmnoopt14.sqm
    2008-01-16 20:41 . 2008-01-16 20:41 232 --ah----- C:\sqmdata15.sqm
    2008-01-16 20:41 . 2008-01-16 20:41 232 --ah----- C:\sqmdata14.sqm
    2008-01-15 14:25 . 2008-01-15 14:25 <DIR> d-------- C:\Program Files\MSN Messenger
    2008-01-15 12:21 . 2008-01-15 12:21 <DIR> d-------- C:\Program Files\Kaspersky Lab
    2008-01-15 12:21 . 2008-01-27 12:24 4,653,856 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-15 12:21 . 2008-01-15 12:28 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-01-15 12:21 . 2008-01-15 12:28 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-01-15 12:21 . 2008-01-27 12:24 76,576 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-01-15 12:21 . 2008-01-26 17:07 62,012 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-01-15 12:21 . 2008-01-26 17:07 7,844 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-01-15 12:04 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2008-01-15 12:03 . 2008-01-15 12:03 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-01-15 11:57 . 2008-01-15 14:15 <DIR> d-------- C:\Program Files\Windows Live
    2008-01-15 11:57 . 2008-01-15 11:58 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-14 10:34 . 2008-01-14 10:34 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-01-10 09:45 . 2008-01-10 09:45 244 --ah----- C:\sqmnoopt13.sqm
    2008-01-10 09:45 . 2008-01-10 09:45 244 --ah----- C:\sqmnoopt12.sqm
    2008-01-10 09:45 . 2008-01-10 09:45 244 --ah----- C:\sqmnoopt11.sqm
    2008-01-10 09:45 . 2008-01-10 09:45 232 --ah----- C:\sqmdata13.sqm
    2008-01-10 09:45 . 2008-01-10 09:45 232 --ah----- C:\sqmdata12.sqm
    2008-01-10 09:45 . 2008-01-10 09:45 232 --ah----- C:\sqmdata11.sqm
    2008-01-03 11:59 . 2008-01-03 11:59 244 --ah----- C:\sqmnoopt10.sqm
    2008-01-03 11:59 . 2008-01-03 11:59 232 --ah----- C:\sqmdata10.sqm
    2007-12-29 14:35 . 2007-12-29 14:35 244 --ah----- C:\sqmnoopt09.sqm
    2007-12-29 14:35 . 2007-12-29 14:35 232 --ah----- C:\sqmdata09.sqm
    2007-12-29 14:32 . 2007-12-29 14:32 244 --ah----- C:\sqmnoopt08.sqm
    2007-12-29 14:32 . 2007-12-29 14:32 232 --ah----- C:\sqmdata08.sqm
    2007-12-29 14:28 . 2007-12-29 14:28 244 --ah----- C:\sqmnoopt07.sqm
    2007-12-29 14:28 . 2007-12-29 14:28 232 --ah----- C:\sqmdata07.sqm
    2007-12-29 14:26 . 2007-12-29 14:26 244 --ah----- C:\sqmnoopt06.sqm
    2007-12-29 14:26 . 2007-12-29 14:26 232 --ah----- C:\sqmdata06.sqm
    2007-12-29 14:25 . 2007-12-29 14:25 244 --ah----- C:\sqmnoopt05.sqm
    2007-12-29 14:25 . 2007-12-29 14:25 232 --ah----- C:\sqmdata05.sqm

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-23 11:08 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-01-23 00:30 --------- d-----w C:\Program Files\Google
    2008-01-22 20:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-22 20:04 --------- d-----w C:\Program Files\DivX
    2008-01-18 13:49 --------- d-----w C:\Program Files\FinePixViewer
    2008-01-15 13:14 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-01-15 12:58 --------- d-----w C:\Program Files\LimeWire
    2008-01-15 10:10 --------- d-----w C:\Program Files\Lavasoft
    2008-01-14 12:21 --------- d-----w C:\Program Files\Java
    2008-01-14 11:53 --------- d-----w C:\Program Files\COMODO
    2007-12-18 18:28 --------- d-----w C:\Program Files\SiteAdvisor
    2007-11-28 16:27 40,737 ----a-w C:\WINDOWS\system32\rightonadz-uninst.exe
    2007-11-15 17:46 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
    2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
    2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-10-29 22:41 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:41 1,291,776 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2006-02-19 01:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 03:00 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 05:00 15360]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 15:21 1449984]
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 21:40 64512]
    "ftutil2"="ftutil2.dll" [2004-06-07 07:05 106496 C:\WINDOWS\system32\ftutil2.dll]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 17:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 15:19 77312 C:\WINDOWS\arpwrmsg.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 13:35 7634944]
    "nwiz"="nwiz.exe" []
    "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 01:05 90112]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 14:14 237568]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [ ]
    "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 18:23 663552]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-16 22:11 49152]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 11:36 229376]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-30 16:42 36904]
    "Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
    "postSetupCheck"="C:\WINDOWS\system32\gzmrt.dll" [ ]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]

    C:\Documents and Settings\hp1\Menu Start\Programma's\Opstarten\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-09-15 20:27:28 27136]
    PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-09-15 20:27:28 27136]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-03-13 21:59:07 294912]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-03-13 19:15:08 124912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 17:03]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 11:44]
    S3 2bfA;2bfA;C:\WINDOWS\system32\2bfA.sys [2007-10-18 14:18]
    S3 PAC207;PC Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 13:30]

    *Newly Created Service* - PROCEXP90
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-12-23 07:00:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-14 16:48:53 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
    - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-27 12:25:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-27 12:27:52
    ComboFix-quarantined-files.txt 2008-01-27 11:27:44
    .
    2008-01-11 08:37:08 --- E O F ---





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:31:49, on 27-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\FinePixViewer\QuickDCF2.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/webhp?sourceid=navclient&hl=nl&ie=UTF-8
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 2.1 .lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Exif Launcher 2.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Anti-Virus voor internet statistieken - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O23 - Service: Kaspersky Anti Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    End of file - 11039 bytes






  • Temporarily disable Spybot's TeaTimer, because it can get in the way of the fix:
    - Start Spybot
    - Go to Mode > select Advanced Mode
    - Go to Tools and click the Resident icon in the list
    - Untick Resident TeaTimer and click OK
    - Restart the computer

    Then download ResetTeaTimer.bat to your Desktop.
    Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.
    Once the computer is clean, you can turn TeaTimer back on.

    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart

    Close all windows except HijackThis
    Click 'Fix checked' to remove the items.

    Download .
    - Scroll down to: "Java Runtime Environment (JRE) 6u4".
    - Click the "Download" button on the right.
    - In the drop-down menu to the right of Platform, select
  • Hello, I have done all of these things (I'm glad you explain it simply, otherwise I would never have managed it)
    here are the log files

    —RVAXO.exe Updated:
  • this is the new log after I ran rvaxo one more time
    —RVAXO.exe Updated:
  • looks clean again, Bart. Any remaining problems? If not, you can remove all the tools again, and then turn your System Restore off and back on.
  • it is already a lot better, but I still have a question about riskware Invader; it reports this, can that do any harm?

    gedetecteerd: riskware Invader Gestart proces: C:\WINDOWS\system32\Restore\rstrui.exe
    gedetecteerd: riskware Invader Gestart proces: C:\WINDOWS\system32\control.exe


    29-1-2008 13:22:56 Gestart proces C:\WINDOWS\system32\Restore\rstrui.exe: modificatie gedetecteerd van riskware Invader.
    29-1-2008 13:22:56 Process C:\WINDOWS\system32\Restore\rstrui.exe (PID: 1932): poging tot zichzelf in een proces plaatsen is geblokkeerd.
    29-1-2008 13:22:57 Gestart proces C:\WINDOWS\system32\control.exe: modificatie gedetecteerd van riskware Invader.
    29-1-2008 13:22:57 Process C:\WINDOWS\system32\control.exe (PID: 316): poging tot zichzelf in een proces plaatsen is geblokkeerd.
  • RSTRUI.EXE is the restore program under Windows XP.


    if you have no further problems, you can go ahead and remove all the tools.
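
The fix step in this thread picks two entries out of the HijackThis log by hand. As an added example (not part of the original thread, and not HijackThis's own logic), the sketch below parses `Onn - ...` lines and flags the same kinds of entries for manual review. The function names and the three heuristics are assumptions made for illustration; the sample lines are copied from the log above.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""

ENTRY = re.compile(r"^\s*(O\d+)\s+-\s+(.*)$")                       # "O4 - <body>"
RUN_VALUE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")  # hive, key, name, command
DLL_ARG = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)', re.I)

def parse(log):
    """Yield (section, body) for every 'Onn - ...' line; skip everything else."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def triage(log):
    """Return (section, reason, body) tuples for entries worth a manual look.

    Heuristics (assumptions of this example, not verdicts):
      - the registered target no longer exists on disk
      - a Run-key autostart that loads a DLL through rundll32
      - a service whose binary carries no vendor metadata
    """
    findings = []
    for section, body in parse(log):
        low = body.lower()
        if low.endswith("(no file)") or low.endswith("(file missing)"):
            findings.append((section, "target file absent", body))
        if section == "O4":
            run = RUN_VALUE.match(body)
            dll = DLL_ARG.search(run.group(4)) if run else None
            if dll:
                findings.append((section, "rundll32 autostart: " + dll.group(1), body))
        if section == "O23" and " - unknown owner - " in low:
            findings.append((section, "service without vendor metadata", body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:4} {reason:50} {body[:60]}")
```

A flag only means "look at this entry": the NVIDIA `NvCplDaemon` line is flagged by the same rule as `gzmrt.dll`, yet only the latter was selected for fixing in the thread.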
