
Error message at startup

  • Error message at startup

    Hello,

    I get the following error message when my PC starts up,
    from c:\WINDOWS\SYSTEM32\gzmrt.dll:
    cannot find the specified module.
    Please help.

    Logfile of HijackThis.txt v1.99.1
    Scan saved at 19:41:49, on 2/01/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HIJACKTHIS\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - (no file)
    O2 - BHO: ads_optimizer - {26E45419-7205-4fac-BBFE-174BC7337A79} - C:\WINDOWS\System32\nsz9.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\System32\gzmrt.dll" DllStart
    O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
    O4 - HKCU\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197891850573
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: scsi2usb - scsi2usb.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A small cmd window will open, and a few lines about files that were not found will scroll by quickly; this is normal.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message, together with a new HijackThis log.

    Comment


    • #3
      gzmrt.dll error message

      Hello,

      Below is the log file after running RVAXO



      Logfile of HijackThis.txt v1.99.1
      Scan saved at 17:23:06, on 4/01/2008
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
      C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Outlook Express\msimn.exe
      C:\HIJACKTHIS\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
      O4 - HKCU\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - Startup: PowerReg Scheduler.exe
      O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
      O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197891850573
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O20 - Winlogon Notify: scsi2usb - scsi2usb.dll (file missing)
      O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

      Comment


      • #4
        Do you also still have the RVAXO log: C:\rvaxo-results.log

        Download Combofix to your Desktop.
        Double-click Combofix.exe
        Choose "Continue" by typing 1 followed by ENTER.
        While the fix is running, do NOT click in the window, because this will make your PC hang.
        When the fix has finished and after the restart, the log combofix.txt will open.
        Post this log in your next post.

        NOTE: If your virus scanner responds with a notification about a script being executed, you may ignore it.

        Comment


        • #5
          After running Combofix I am posting the following log:

          ComboFix 08-01-07.4 - Frank 2008-01-07 11:29:02.1 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.77 [GMT 1:00]
          Gestart vanuit: C:\Documents and Settings\Frank\Bureaublad\ComboFix.exe
          * Nieuw herstelpunt werd aangemaakt
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\WINDOWS\system32\ksl48.bin
          C:\WINDOWS\system32\nsz9.dll
          C:\WINDOWS\system32\scsipsrvc.sys
          C:\WINDOWS\system32\winio.dll

          .
          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

          .
          -------\LEGACY_SCSIPSRVC


          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))
          .

          2008-01-07 11:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
          2008-01-04 17:15 . 2008-01-04 17:15 <DIR> d-------- C:\RVAXO
          2008-01-04 16:46 . 2008-01-04 17:42 587,634 --a------ C:\WINDOWS\system32\RVAXO.bat
          2008-01-04 16:46 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
          2008-01-02 19:38 . 2008-01-04 17:33 <DIR> d-------- C:\HIJACKTHIS
          2007-12-17 12:54 . 2007-12-17 12:57 <DIR> d-------- C:\Program Files\Lavasoft
          2007-12-17 12:54 . 2007-12-17 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
          2007-12-17 12:47 . 2004-07-01 23:10 360,448 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
          2007-12-17 12:47 . 2004-07-01 23:10 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
          2007-12-17 12:47 . 2004-07-01 23:10 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
          2007-12-17 12:47 . 2004-07-01 23:10 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
          2007-12-17 12:47 . 2004-07-01 23:10 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
          2007-12-17 12:44 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
          2007-12-14 21:35 . 2007-12-14 21:36 <DIR> d-------- C:\Program Files\TuneUp Utilities 2004
          2007-12-14 21:35 . 2007-12-17 12:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
          2007-12-14 21:35 . 2007-12-14 21:35 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\TuneUp Software
          2007-12-14 21:35 . 2007-12-14 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
          2007-12-14 17:37 . 2007-12-14 17:39 <DIR> d-------- C:\Program Files\Hitman Pro
          2007-12-14 17:03 . 2008-01-04 20:54 <DIR> dr-h----- C:\Documents and Settings\Frank\Onlangs geopend
          2007-12-14 16:34 . 2007-12-14 16:34 <DIR> d-------- C:\Program Files\easy cleaner ToniArts
          2007-12-14 15:58 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-04 16:49 --------- d-----w C:\Documents and Settings\Frank\Application Data\LimeWire
          2007-12-31 17:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-12-31 17:22 --------- d-----w C:\Program Files\Ulead Systems
          2007-12-31 17:22 --------- d-----w C:\Program Files\Common Files\Ulead Systems
          2007-12-31 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
          2007-12-18 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2007-12-14 22:44 --------- d-----w C:\Program Files\Winamp
          2007-12-14 16:35 --------- d-----w C:\Program Files\Disk Cleaner
          2007-12-14 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
          2007-12-14 15:54 --------- d-----w C:\Documents and Settings\Ken\Application Data\LimeWire
          2007-12-14 14:58 --------- d-----w C:\Program Files\Java
          2007-12-14 12:04 --------- d-----w C:\Documents and Settings\Frank\Application Data\AVG7
          2007-12-13 20:25 --------- d-----w C:\Program Files\PC Tune-Up
          2007-12-13 20:23 --------- d-----w C:\Program Files\PopupPopper
          2007-11-29 20:37 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
          2007-11-29 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
          2007-11-19 14:12 --------- d-----w C:\Program Files\Google
          2007-10-20 12:34 77,648 -c--a-w C:\Documents and Settings\Frank\Application Data\GDIPFONTCACHEV1.DAT
          2007-02-01 16:17 4,414,583 -c--a-w C:\Program Files\advanced windows care Setup opruimprogram.exe
          2004-10-13 18:48 12,800 -csha-w C:\Program Files\Thumbs.db
          2004-06-17 15:53 5,737,748 -c--a-w C:\Documents and Settings\Ken\ArcadeInstallFull14d.EXE
          2004-02-11 18:50 76,568 -c--a-w C:\Documents and Settings\Ken\Application Data\GDIPFONTCACHEV1.DAT
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-12 12:32 67128]
          "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 08:48 579072]
          "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NvCplDaemon"="RUNDLL32.exe" [2001-09-07 13:00 32256 C:\WINDOWS\system32\rundll32.exe]
          "nwiz"="nwiz.exe" [2001-10-16 12:03 323584 C:\WINDOWS\system32\nwiz.exe]
          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-12-29 21:36 77824]
          "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
          "HotKey"="C:\WINDOWS\Twain_32\SlimU2\HotKey.exe" [2002-08-07 10:38 618496]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-09-07 13:00 13312]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 11:39 219136]

          C:\Documents and Settings\Ken\Menu Start\Programma's\Opstarten\
          PowerReg Scheduler.exe [2006-06-26 15:45:09]

          C:\Documents and Settings\Frank\Menu Start\Programma's\Opstarten\
          PowerReg Scheduler.exe [2007-10-08 16:59:35]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Adobe Reader - Schnellstart.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2007-10-30 18:12:13]
          Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-12 12:32:16]
          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
          Ulead Photo Express 4.0 SE Calendar Checker .lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2003-12-03 21:53:45]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
          "NoResolveSearch"= 1 (0x1)

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\scsi2usb]

          R2 MarxDev1;MarxDev1;C:\WINDOWS\System32\drivers\MarxDev1.sys [2001-05-28 15:30]
          R2 MarxDev2;MarxDev2;C:\WINDOWS\System32\drivers\MarxDev2.sys [2001-05-28 15:30]
          R2 MarxDev3;MarxDev3;C:\WINDOWS\System32\drivers\MarxDev3.sys [2001-05-28 15:30]
          R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\System32\DRIVERS\nvcap.sys [2001-10-16 12:02]
          R2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\System32\DRIVERS\nvtunep.sys [2001-10-16 12:02]
          R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\System32\DRIVERS\nvtvsnd.sys [2001-10-16 12:02]
          R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2001-10-16 12:02]
          R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2005-12-17 12:47]
          S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\System32\DRIVERS\sonypvs1.sys [2006-10-30 12:46]

          .
          Inhoud van de 'Gedeelde Taken' map
          "2007-12-28 16:15:55 C:\WINDOWS\Tasks\Easy Onderhoud.job"
          - C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-07 11:37:07
          Windows 5.1.2600 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-01-07 11:39:50 - machine was rebooted
          ComboFix-quarantined-files.txt 2008-01-07 10:39:46

          Comment


          • #6
            Open the RVAXO folder on your desktop and double-click Uninstall.cmd
            This will remove everything belonging to RVAXO.

            Start HijackThis once more and tick only the following lines:
            O4 - Startup: PowerReg Scheduler.exe
            O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
            O20 - Winlogon Notify: scsi2usb - scsi2usb.dll (file missing)
            O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

            Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

            Download ATF cleaner (mirror) (made by Atribune)

            Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

            Double-click ATF cleaner to start the program.
            On the "Main" tab, tick Select All.
            Click the Empty Selected button.

            Do the following if you also use Firefox as a browser:
            Click the "Firefox" tab and tick Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (this removes the tick next to "Firefox saved passwords" again)
            Click the Empty Selected button.

            Do the following if you also use Opera as a browser:
            Click the "Opera" tab and tick Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Go to Start - Run and enter the following:
            Combofix /U
            Then press OK.
            Note: There must be a space between Combofix and /U.

            This will uninstall Combofix.

            Turn off System Restore. Restart the computer. Turn System Restore back on.
            Look here for how to turn off your System Restore.
            This removes any remnants of the infections from your System Restore.

            Finally, post a new HijackThis log so it can be checked

            Comment
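
Most of the lines ticked in post #6 carry HijackThis's "(no file)" or "(file missing)" marker, while the Run entry behind the gzmrt.dll error in the first log carries no such marker. The Python below is an added example, not part of the thread or of HijackThis: it parses a few lines excerpted from the first and last logs on this page, lists the marked orphans and the rundll32-hosted DLLs that need a separate on-disk check, and diffs the two scans. All function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Excerpt of the thread's first HijackThis log (scan of 2/01/2008).
LOG_BEFORE = r"""
O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - (no file)
O2 - BHO: ads_optimizer - {26E45419-7205-4fac-BBFE-174BC7337A79} - C:\WINDOWS\System32\nsz9.dll
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\System32\gzmrt.dll" DllStart
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: scsi2usb - scsi2usb.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Excerpt of the thread's last HijackThis log (scan of 8/01/2008).
LOG_AFTER = r"""
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# "R0 - ...", "O4 - ...", "O23 - ...": section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis appends when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# DLL handed to rundll32, quoted or not, optionally followed by ",Export".
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+?\.dll)', re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def key(self):
        # Windows paths are case-insensitive, so compare case-folded.
        return (self.section, self.body.lower())


def parse_log(text):
    """Return the section entries of a HijackThis log, skipping the header
    and the 'Running processes' list (forum indentation is stripped)."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match["section"], match["body"]))
    return entries


def orphaned(entries):
    """Entries that HijackThis itself marked as pointing at a missing file."""
    return [e for e in entries if ORPHAN_RE.search(e.body)]


def rundll_dlls(entries):
    """DLLs started through rundll32 from O4 autostart entries. The log does
    not mark these as missing, so each path has to be checked on disk."""
    found = []
    for e in entries:
        if e.section == "O4":
            match = RUNDLL_RE.search(e.body)
            if match:
                found.append(match.group(1))
    return found


def removed_between(before, after):
    """Entries present in the earlier scan and absent from the later one."""
    still_present = {e.key for e in after}
    return [e for e in before if e.key not in still_present]


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    print("Marked as missing in the first scan:")
    for e in orphaned(before):
        print("  ", e.section, "-", e.body)
    print("rundll32-hosted DLLs to verify on disk:")
    for dll in rundll_dlls(before):
        print("  ", dll)
    print("Gone after cleanup:")
    for e in removed_between(before, after):
        print("  ", e.section, "-", e.body)
    print("Still marked as missing in the last scan:")
    for e in orphaned(after):
        print("  ", e.section, "-", e.body)
```
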


            • #7
              I did everything as you prescribed; the log file is below

              Logfile of HijackThis.txt v1.99.1
              Scan saved at 9:13:07, on 8/01/2008
              Platform: Windows XP (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 (6.00.2600.0000)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\Explorer.EXE
              C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
              C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
              C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
              C:\WINDOWS\System32\nvsvc32.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
              C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
              C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
              C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
              C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
              C:\Program Files\Outlook Express\msimn.exe
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\HIJACKTHIS\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
              O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
              O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
              O4 - HKCU\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
              O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              O4 - Startup: PowerReg Scheduler.exe
              O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
              O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
              O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
              O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
              O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197891850573
              O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
              O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
              O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
              O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
              O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
              O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe



              • #8
                Spybot's TeaTimer is active; it must be disabled because it will undo the changes made with HijackThis.

                Open Spybot > Mode > Advanced mode > Tools > Resident > disable TeaTimer > restart the PC

                Download the following to your desktop:

                Then double-click ResetTeaTimer.bat.

                Start HijackThis once more and tick only the following lines:
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                O4 - Startup: PowerReg Scheduler.exe
                O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
                O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

                Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

                Restart your PC and post a new HijackThis log.



                • #9
                  Here is the next log, after resetting TeaTimer


                  Logfile of HijackThis.txt v1.99.1
                  Scan saved at 11:07:47, on 10/01/2008
                  Platform: Windows XP (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
                  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                  C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
                  C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
                  C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                  C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                  C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
                  C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
                  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
                  C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                  C:\WINDOWS\System32\nvsvc32.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Internet Explorer\IEXPLORE.EXE
                  C:\WINDOWS\System32\wuauclt.exe
                  C:\HIJACKTHIS\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                  O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
                  O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
                  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                  O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                  O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
                  O4 - HKCU\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
                  O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
                  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                  O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                  O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
                  O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
                  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197891850573
                  O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
                  O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
                  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
                  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
                  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                  O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

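An added example, not part of the original thread: a Python check that the entries ticked for "Fix checked" in post #8 are really absent from the follow-up log in post #9. BEFORE and AFTER are shortened excerpts of the two HijackThis logs posted here; the function names are hypothetical.

```python
import re

# HijackThis entry lines start with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Shortened excerpts of the first and second log in this thread.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""
# The four lines post #8 asks to tick before "Fix checked".
FIXED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

def parse_entries(log_text):
    """Return the set of (code, body) entries; headers and process paths are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m["code"], m["body"].strip()))
    return entries

def verify_fix(before, after, fixed):
    """Compare two logs against the entries ticked for 'Fix checked'."""
    b, a, f = parse_entries(before), parse_entries(after), parse_entries(fixed)
    return {
        "still_present": sorted(f & a),      # fix did not stick (e.g. reverted by TeaTimer)
        "not_in_before": sorted(f - b),      # ticked line that was never in the first log
        "other_removed": sorted(b - a - f),  # gone without having been ticked
        "new": sorted(a - b),                # appeared since the first scan
    }

if __name__ == "__main__":
    for key, items in verify_fix(BEFORE, AFTER, FIXED).items():
        print(key, items)
```

On these excerpts the only entry removed without being ticked is the TeaTimer Run key, which matches TeaTimer having been disabled before the fix.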


                  • #10
                    The log looks good; are all the problems gone now as well?



                    • #11
                      The error message no longer appears at startup.
                      Thanks for the effort.
                      Was there a virus or something involved?
                      May I turn TeaTimer back on in Spybot?
                      With thanks



                      • #12
                        You're welcome.

                        You had a certain adware infection; it caused that message.

                        You may turn Spybot TeaTimer back on.



                        • #13
                          I still have the programs ATF cleaner and ResetTeaTimer on my desktop.
                          May I remove them by simply dragging them to the recycle bin?



                          • #14
                            Those files can go.
