Mededeling

Collapse
No announcement yet.

Popups door spyware/malware...

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Popups door spyware/malware...

    Ik heb sinds kort weer last van spyware. Ik krijg steeds popups.

    Hier is in ieder geval mijn logje:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:02:00, on 23-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe
    C:\Program Files\Lexmark 2400 Series\ezprint.exe
    C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Nucia\SpywareGuard\sgmain.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\Nucia\SpywareGuard\sgbhp.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\lxcrcoms.exe
    C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\regsvr32.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\regsvr32.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
    C:\Documents and Settings\HP_Administrator\Bureaublad\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\Nucia\SpywareGuard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Nucia\Spybot\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: The enqvwkp - {31F68405-A7AE-4D05-917C-97C4CBFE05A0} - C:\WINDOWS\enqvwkp.dll (file missing)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,[email protected]
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\Nucia\SpywareGuard\sgmain.exe
    O4 - Global Startup: G DATA Firewall Tray.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Nucia\Spybot\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Nucia\Spybot\SDHelper.dll
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187805901680
    O21 - SSODL: agrlmvp - {2B8F4494-CD9B-4F62-B3A0-3D906B543849} - C:\WINDOWS\agrlmvp.dll
    O21 - SSODL: bmlvqkn - {1AD5ABC4-5164-4F44-B066-6BB09EE48E03} - C:\WINDOWS\bmlvqkn.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
    O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe
    O23 - Service: AVK-bewaker (AVKWCtl) - Unknown owner - C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: G DATA Persoonlijke Firewall (GDFwSvc) - Unknown owner - C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 11832 bytes
    Never blame yourself

  • #2
    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht tesamen met een nieuw logje van HijackThis.

    Comment


    • #3
      Oké, hier is het 1e logje:

      ---RVAXO.exe Updated: 2008-01-23---first run---
      Files found:
      C:\WINDOWS\system32\_000003_.tmp.dll
      C:\WINDOWS\system32\_000005_.tmp.dll
      C:\WINDOWS\system32\_000006_.tmp.dll
      C:\WINDOWS\system32\_000007_.tmp.dll
      C:\WINDOWS\system32\_000008_.tmp.dll
      C:\WINDOWS\system32\_000009_.tmp.dll
      C:\WINDOWS\system32\_000010_.tmp.dll
      C:\WINDOWS\system32\_000011_.tmp.dll
      C:\WINDOWS\system32\_000012_.tmp.dll
      C:\WINDOWS\ddwlxtqfls.dll
      C:\WINDOWS\search_res.txt
      C:\WINDOWS\fxtqdrl.exe
      C:\WINDOWS\agrlmvp.dll
      C:\WINDOWS\system32\actskn45.ocx

      Uninstallers Rogue scanners:


      Folders Found:

      C:\Program Files\MediaRoverCodec
      C:\Program Files\MediaSupplyCodec

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------

      En het 2e logje:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:35:21, on 23-1-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe
      C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\CDBurnerXP\NMSAccessU.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
      C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\eHome\ehmsas.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
      C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
      C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
      C:\Program Files\Logitech\QuickCam\Quickcam.exe
      C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
      C:\Program Files\Lexmark 2400 Series\ezprint.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
      C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\lxcrcoms.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\Nucia\SpywareGuard\sgmain.exe
      C:\Program Files\Nucia\SpywareGuard\sgbhp.exe
      C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
      C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
      C:\HP\KBD\KBD.EXE
      c:\windows\system\hpsysdrv.exe
      C:\Documents and Settings\HP_Administrator\Bureaublad\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\Nucia\SpywareGuard\dlprotect.dll
      O2 - BHO: XTN Monitor - {4AF1F021-A9E8-4465-AE1D-D9BBFF43B961} - C:\WINDOWS\ddwlxtqfls.dll (file missing)
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Nucia\Spybot\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: The enqvwkp - {31F68405-A7AE-4D05-917C-97C4CBFE05A0} - C:\WINDOWS\enqvwkp.dll (file missing)
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
      O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
      O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
      O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,[email protected]
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
      O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
      O4 - Startup: SpywareGuard.lnk = C:\Program Files\Nucia\SpywareGuard\sgmain.exe
      O4 - Global Startup: G DATA Firewall Tray.lnk = ?
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Nucia\Spybot\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Nucia\Spybot\SDHelper.dll
      O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187805901680
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
      O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe
      O23 - Service: AVK-bewaker (AVKWCtl) - Unknown owner - C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe
      O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
      O23 - Service: G DATA Persoonlijke Firewall (GDFwSvc) - Unknown owner - C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
      O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
      O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

      --
      End of file - 11344 bytes
      Never blame yourself

      Comment


      • #4
        Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
        Dit zal alles van RVAXO doen verwijderen.

        Start HijackThis nog een keer en plaats alleen een vinkje voor de volgende regels:
        O2 - BHO: XTN Monitor - {4AF1F021-A9E8-4465-AE1D-D9BBFF43B961} - C:\WINDOWS\ddwlxtqfls.dll (file missing)
        O3 - Toolbar: The enqvwkp - {31F68405-A7AE-4D05-917C-97C4CBFE05A0} - C:\WINDOWS\enqvwkp.dll (file missing)

        Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

        Download ATF cleaner (mirror)(gemaakt door Atribune)

        Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

        Dubbelklik op ATF cleaner om het programma te starten.
        Op het tabblad "Main", plaats je een vinkje bij Select All.
        Klik op de knop Empty Selected.

        Het volgende doen als je ook FireFox als browser hebt:
        Klik op tabblad "Firefox", plaats een vinkje bij Select All.
        Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
        (dit haalt het vinkje weer weg bij "Firefox saved passwords")
        Klik op de knop Empty Selected.

        Het volgende doen als je ook Opera als browser hebt:
        Klik op tabblad "Opera", plaats een vinkje bij Select All.
        Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
        Klik op de knop Empty Selected.
        Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

        Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
        Kijk hier hoe je je systeemherstel moet uitschakelen.
        Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

        Post als laatste nog een nieuw logje van Hijackthis ter controle

        Comment


        • #5
          Ik heb alles gedaan wat je zei. Hier is het nieuwe logje:


          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 20:00:34, on 23-1-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
          C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe
          C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe
          C:\WINDOWS\eHome\ehRecvr.exe
          C:\WINDOWS\eHome\ehSched.exe
          C:\WINDOWS\ehome\ehtray.exe
          C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
          C:\WINDOWS\RTHDCPL.EXE
          C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
          C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
          C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
          C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
          C:\Program Files\Logitech\QuickCam\Quickcam.exe
          C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
          C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
          C:\Program Files\CDBurnerXP\NMSAccessU.exe
          C:\Program Files\Lexmark 2400 Series\ezprint.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
          C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
          C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
          C:\Program Files\MSN Messenger\MsnMsgr.Exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
          C:\Program Files\Logitech\SetPoint\SetPoint.exe
          C:\Program Files\Nucia\SpywareGuard\sgmain.exe
          C:\Program Files\Nucia\SpywareGuard\sgbhp.exe
          C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
          C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.exe
          C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
          C:\Documents and Settings\HP_Administrator\Bureaublad\HiJackThis.exe
          C:\HP\KBD\KBD.EXE

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\Nucia\SpywareGuard\dlprotect.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Nucia\Spybot\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
          O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
          O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
          O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
          O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
          O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
          O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
          O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
          O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
          O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
          O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
          O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,[email protected]
          O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
          O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
          O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe"
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
          O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
          O4 - Startup: SpywareGuard.lnk = C:\Program Files\Nucia\SpywareGuard\sgmain.exe
          O4 - Global Startup: G DATA Firewall Tray.lnk = ?
          O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Nucia\Spybot\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Nucia\Spybot\SDHelper.dll
          O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
          O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187805901680
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
          O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe
          O23 - Service: AVK-bewaker (AVKWCtl) - Unknown owner - C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe
          O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
          O23 - Service: G DATA Persoonlijke Firewall (GDFwSvc) - Unknown owner - C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
          O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
          O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
          O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
          O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
          O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

          --
          End of file - 11058 bytes
          Never blame yourself

          Comment


          • #6
            Logje ziet er goed uit hoor

            Comment


            • #7
              En deze regel is geen spy-/malware?

              O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
              Never blame yourself

              Comment


              • #8
                link gaat naar hp.com
                Ik dacht dat deze gerelateerd aan HP was.

                Comment


                • #9
                  Oké. Hartstikke bedankt voor je hulp wederom !!!!!!
                  Never blame yourself

                  Comment


                  • #10
                    Graag gedaan hoor

                    Comment

                    Sorry, you are not authorized to view this page
                    Working...
                    X