zlob.dnschanger

  • zlob.dnschanger

    Hello,
    This is all new to me too, so I hope I am doing this right.
    I have a problem: I keep getting zlob.dnschanger on my computer. Spybot Search and Destroy keeps finding it and removes it every time, but it still keeps coming back.
    I created a log exactly as described here on the forum, so I hope I did it correctly.
    Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:09:53, on 24-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\KEMailKb\KEMailKb.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Trust\Easy Webscan 19200\ScanPanel\ScnPanel.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\lxcfcoms.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/?di&from=start.home.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://start.home.nl/?di
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\{83690E53-043D-4F34-AB5B-15885D51E125}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0013"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\KEMailKb\KEMailKb.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: ScanPanel.lnk = C:\Program Files\Trust\Easy Webscan 19200\ScanPanel\ScnPanel.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/stg_drm.ocx
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170350151734
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/armhelper.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{618299D3-F8CB-43EF-A740-5DB23576EE8C}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{63F71EA7-B2CA-4421-B05E-69993CDFA544}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{87610CFC-B38A-47F6-8D3A-1EEBE1C82BB5}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A1566356-11DF-4D28-8FCB-B7171E843052}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BA885009-9ED3-4E26-9CFF-4E629664614E}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED1F2ECC-F20D-41EC-9EC6-E2F8CF960B46}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 13219 bytes


    I hope you can help me, because it is an annoying little thing, to put it that way.
    Many thanks in advance for your trouble.

    Regards
    Jolanda

  • #2
    Download: RVAXO.exe
    Save the file to your desktop, then double-click it.
    You can let the program extract to your desktop.
    Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
    A window will open in which a few lines about files not found will scroll by quickly; this is normal.
    An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.

    After that your PC will restart; after the restart the RVAXO window opens again.
    Let it run and wait until a log file opens.
    It can also be found here: C:\RVAXO-results.log
    Post the contents in your next message together with a new HijackThis log.

    Your PC does not restart?

    Let RVAXO run once more and then post the new log: C:\rvaxo-results.log

    Starting Windows 10 in Safe Mode



    • #3
      I did what you said, only when the computer restarted I got a new problem. This appeared:

      Data Execution Prevention (DEP) - Microsoft Windows

      To help protect your computer, Windows has closed this program

      name: Userinit Logon Application

      publisher: Microsoft

      As a result the computer would not start, so I cut the power 3 times and eventually it worked; then RVAXO started.
      Here is the RVAXO log:

      ---RVAXO.exe Updated: 2008-01-23---first run---
      Files found:
      C:\Documents and Settings\HP_Administrator\FAVORI~1\Online Security Test.url

      Uninstallers Rogue scanners:


      Folders Found:


      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------

      And here is the HijackThis log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:29:16, on 24-1-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\arservice.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\WINDOWS\SYSTEM32\GEARSEC.EXE
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
      C:\WINDOWS\system32\notepad.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\ARPWRMSG.EXE
      C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
      C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\PROGRA~1\KEMailKb\KEMailKb.EXE
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Trust\Easy Webscan 19200\ScanPanel\ScnPanel.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\HP\KBD\KBD.EXE
      c:\windows\system\hpsysdrv.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/?di&from=start.home.nl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://start.home.nl/?di
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
      O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\{83690E53-043D-4F34-AB5B-15885D51E125}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0013"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\KEMailKb\KEMailKb.EXE
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
      O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
      O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
      O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - Global Startup: ScanPanel.lnk = C:\Program Files\Trust\Easy Webscan 19200\ScanPanel\ScnPanel.exe
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
      O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
      O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/stg_drm.ocx
      O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/mail/resources/MsnPUpld.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170350151734
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
      O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
      O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/armhelper.ocx
      O17 - HKLM\System\CCS\Services\Tcpip\..\{618299D3-F8CB-43EF-A740-5DB23576EE8C}: NameServer = 208.67.220.220,208.67.222.222
      O17 - HKLM\System\CCS\Services\Tcpip\..\{63F71EA7-B2CA-4421-B05E-69993CDFA544}: NameServer = 208.67.220.220,208.67.222.222
      O17 - HKLM\System\CCS\Services\Tcpip\..\{87610CFC-B38A-47F6-8D3A-1EEBE1C82BB5}: NameServer = 208.67.220.220,208.67.222.222
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A1566356-11DF-4D28-8FCB-B7171E843052}: NameServer = 208.67.220.220,208.67.222.222
      O17 - HKLM\System\CCS\Services\Tcpip\..\{BA885009-9ED3-4E26-9CFF-4E629664614E}: NameServer = 208.67.220.220,208.67.222.222
      O17 - HKLM\System\CCS\Services\Tcpip\..\{ED1F2ECC-F20D-41EC-9EC6-E2F8CF960B46}: NameServer = 208.67.220.220,208.67.222.222
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
      O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

      --
      End of file - 12907 bytes

      I hope it is right now.
      Thanks in advance for your trouble

      Regards,
      Jolanda



      • #4
        I wonder.

        Print the instructions below, because you will have to restart the computer during the fix.
        (copy the text to e.g. Word and print it)


        Download SmitfraudFix.exe (by S!Ri), and put it on your desktop.
        If that does not work, download it from this page.

        Start your PC in SAFE mode.
        See here how to do that.

        Double-click smitfraudfix.exe
        Choose option #2 - Clean by typing 2, and press "Enter" to delete the
        infected files.

        You will get a question: "Registry cleaning - Do you want to clean the registry ?"
        Answer "yes" by typing y and press "Enter".

        If your PC does not reboot after that, restart it manually in normal mode.

        The tool will now check whether wininet.dll is infected. You may therefore be asked whether you
        want to replace the infected file. If so, answer "yes" by typing y and press "Enter".

        The tool may restart your PC in order to finish its work.
        If it does not, restart your PC manually in normal mode.
        A text file will open with the results of the fix. Post the contents of this file in your next reply.
        (You can also find the report at c:\rapport.txt)
        Then also post a new HijackThis log

        Starting Windows 10 in Safe Mode



        • #5
          I did exactly what was described, only I had to start the computer 3 times before I finally got a picture, and again I got that error I mentioned above.
          I now do not even dare to restart my computer, because I am afraid that it will soon stop working altogether.
          I did get rid of the zlob.dnschanger, by the way; Spybot Search and Destroy no longer reports it during its scan.
          Here is the SmitFraudFix log:

          SmitFraudFix v2.274

          Scan done at 18:34:46,48, za 26-01-2008
          Run from C:\Documents and Settings\HP_Administrator\Bureaublad\SmitfraudFix
          OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
          The filesystem type is NTFS
          Fix run in safe mode

          »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
          !!!Attention, following keys are not inevitably infected!!!

          SrchSTS.exe by S!Ri
          Search SharedTaskScheduler's .dll

          »»»»»»»»»»»»»»»»»»»»»»»» Killing process


          »»»»»»»»»»»»»»»»»»»»»»»» hosts

          127.0.0.1 localhost

          »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

          S!Ri's WS2Fix: LSP not Found.


          »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

          GenericRenosFix by S!Ri


          »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


          »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

          IEDFix.exe by S!Ri


          »»»»»»»»»»»»»»»»»»»»»»»» DNS

          HKLM\SYSTEM\CCS\Services\Tcpip\..\{618299D3-F8CB-43EF-A740-5DB23576EE8C}: DhcpNameServer=213.51.129.37 213.51.144.37
          HKLM\SYSTEM\CCS\Services\Tcpip\..\{618299D3-F8CB-43EF-A740-5DB23576EE8C}: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CCS\Services\Tcpip\..\{63F71EA7-B2CA-4421-B05E-69993CDFA544}: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CCS\Services\Tcpip\..\{65805306-2B77-48A9-A881-CFDAAA4C788C}: DhcpNameServer=213.51.129.37 213.51.144.37
          HKLM\SYSTEM\CCS\Services\Tcpip\..\{87610CFC-B38A-47F6-8D3A-1EEBE1C82BB5}: DhcpNameServer=213.51.129.37 213.51.144.37
          HKLM\SYSTEM\CCS\Services\Tcpip\..\{87610CFC-B38A-47F6-8D3A-1EEBE1C82BB5}: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D682CD5-5DBD-4823-ACE0-64DD91727787}: DhcpNameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CCS\Services\Tcpip\..\{A1566356-11DF-4D28-8FCB-B7171E843052}: DhcpNameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CCS\Services\Tcpip\..\{A1566356-11DF-4D28-8FCB-B7171E843052}: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CCS\Services\Tcpip\..\{BA885009-9ED3-4E26-9CFF-4E629664614E}: DhcpNameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CCS\Services\Tcpip\..\{BA885009-9ED3-4E26-9CFF-4E629664614E}: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CCS\Services\Tcpip\..\{ED1F2ECC-F20D-41EC-9EC6-E2F8CF960B46}: DhcpNameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CCS\Services\Tcpip\..\{ED1F2ECC-F20D-41EC-9EC6-E2F8CF960B46}: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS1\Services\Tcpip\..\{618299D3-F8CB-43EF-A740-5DB23576EE8C}: DhcpNameServer=213.51.129.37 213.51.144.37
          HKLM\SYSTEM\CS1\Services\Tcpip\..\{618299D3-F8CB-43EF-A740-5DB23576EE8C}: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS1\Services\Tcpip\..\{63F71EA7-B2CA-4421-B05E-69993CDFA544}: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS1\Services\Tcpip\..\{65805306-2B77-48A9-A881-CFDAAA4C788C}: DhcpNameServer=213.51.129.37 213.51.144.37
          HKLM\SYSTEM\CS1\Services\Tcpip\..\{87610CFC-B38A-47F6-8D3A-1EEBE1C82BB5}: DhcpNameServer=213.51.129.37 213.51.144.37
          HKLM\SYSTEM\CS1\Services\Tcpip\..\{87610CFC-B38A-47F6-8D3A-1EEBE1C82BB5}: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D682CD5-5DBD-4823-ACE0-64DD91727787}: DhcpNameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS1\Services\Tcpip\..\{A1566356-11DF-4D28-8FCB-B7171E843052}: DhcpNameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS1\Services\Tcpip\..\{A1566356-11DF-4D28-8FCB-B7171E843052}: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS1\Services\Tcpip\..\{BA885009-9ED3-4E26-9CFF-4E629664614E}: DhcpNameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS1\Services\Tcpip\..\{BA885009-9ED3-4E26-9CFF-4E629664614E}: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS1\Services\Tcpip\..\{ED1F2ECC-F20D-41EC-9EC6-E2F8CF960B46}: DhcpNameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS1\Services\Tcpip\..\{ED1F2ECC-F20D-41EC-9EC6-E2F8CF960B46}: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS3\Services\Tcpip\..\{618299D3-F8CB-43EF-A740-5DB23576EE8C}: DhcpNameServer=213.51.129.37 213.51.144.37
          HKLM\SYSTEM\CS3\Services\Tcpip\..\{618299D3-F8CB-43EF-A740-5DB23576EE8C}: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS3\Services\Tcpip\..\{63F71EA7-B2CA-4421-B05E-69993CDFA544}: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS3\Services\Tcpip\..\{65805306-2B77-48A9-A881-CFDAAA4C788C}: DhcpNameServer=213.51.129.37 213.51.144.37
          HKLM\SYSTEM\CS3\Services\Tcpip\..\{87610CFC-B38A-47F6-8D3A-1EEBE1C82BB5}: DhcpNameServer=213.51.129.37 213.51.144.37
          HKLM\SYSTEM\CS3\Services\Tcpip\..\{87610CFC-B38A-47F6-8D3A-1EEBE1C82BB5}: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D682CD5-5DBD-4823-ACE0-64DD91727787}: DhcpNameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS3\Services\Tcpip\..\{A1566356-11DF-4D28-8FCB-B7171E843052}: DhcpNameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS3\Services\Tcpip\..\{A1566356-11DF-4D28-8FCB-B7171E843052}: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS3\Services\Tcpip\..\{BA885009-9ED3-4E26-9CFF-4E629664614E}: DhcpNameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS3\Services\Tcpip\..\{BA885009-9ED3-4E26-9CFF-4E629664614E}: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS3\Services\Tcpip\..\{ED1F2ECC-F20D-41EC-9EC6-E2F8CF960B46}: DhcpNameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS3\Services\Tcpip\..\{ED1F2ECC-F20D-41EC-9EC6-E2F8CF960B46}: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=213.51.129.37 213.51.144.37
          HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=213.51.129.37 213.51.144.37
          HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
          HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=213.51.129.37 213.51.144.37
          HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222


          »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


          »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
          !!!Attention, following keys are not inevitably infected!!!

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
          "System"=""


          »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

          Registry Cleaning done.

          »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
          !!!Attention, following keys are not inevitably infected!!!

          SrchSTS.exe by S!Ri
          Search SharedTaskScheduler's .dll


          »»»»»»»»»»»»»»»»»»»»»»»» End

          And here is the one from HijackThis:

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 18:56:30, on 26-1-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\SYSTEM32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\arservice.exe
          C:\WINDOWS\eHome\ehRecvr.exe
          C:\WINDOWS\eHome\ehSched.exe
          C:\WINDOWS\SYSTEM32\GEARSEC.EXE
          C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
          C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\dllhost.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\ehome\ehtray.exe
          C:\WINDOWS\eHome\ehmsas.exe
          C:\WINDOWS\RTHDCPL.EXE
          C:\WINDOWS\ARPWRMSG.EXE
          C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
          C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\PROGRA~1\KEMailKb\KEMailKb.EXE
          C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
          C:\Program Files\MSN Messenger\MsnMsgr.Exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
          C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
          C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
          C:\Program Files\Trust\Easy Webscan 19200\ScanPanel\ScnPanel.exe
          C:\Program Files\WinZip\WZQKPICK.EXE
          C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
          C:\Program Files\MSN Messenger\usnsvc.exe
          C:\HP\KBD\KBD.EXE
          c:\windows\system\hpsysdrv.exe
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\WINDOWS\system32\NOTEPAD.EXE
          C:\WINDOWS\system32\NOTEPAD.EXE
          C:\Program Files\Panda Security\Panda Antivirus 2008\avciman.exe
          C:\Program Files\Panda Security\Panda Antivirus 2008\psimreal.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://start.home.nl/?di
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
          O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
          O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
          O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
          O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
          O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
          O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
          O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\{83690E53-043D-4F34-AB5B-15885D51E125}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0013"
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\KEMailKb\KEMailKb.EXE
          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
          O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]
          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
          O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
          O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
          O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
          O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
          O4 - Global Startup: ScanPanel.lnk = C:\Program Files\Trust\Easy Webscan 19200\ScanPanel\ScnPanel.exe
          O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
          O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
          O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
          O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
          O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/stg_drm.ocx
          O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/mail/resources/MsnPUpld.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170350151734
          O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
          O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
          O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
          O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/armhelper.ocx
          O17 - HKLM\System\CCS\Services\Tcpip\..\{618299D3-F8CB-43EF-A740-5DB23576EE8C}: NameServer = 208.67.220.220,208.67.222.222
          O17 - HKLM\System\CCS\Services\Tcpip\..\{63F71EA7-B2CA-4421-B05E-69993CDFA544}: NameServer = 208.67.220.220,208.67.222.222
          O17 - HKLM\System\CCS\Services\Tcpip\..\{87610CFC-B38A-47F6-8D3A-1EEBE1C82BB5}: NameServer = 208.67.220.220,208.67.222.222
          O17 - HKLM\System\CCS\Services\Tcpip\..\{A1566356-11DF-4D28-8FCB-B7171E843052}: NameServer = 208.67.220.220,208.67.222.222
          O17 - HKLM\System\CCS\Services\Tcpip\..\{BA885009-9ED3-4E26-9CFF-4E629664614E}: NameServer = 208.67.220.220,208.67.222.222
          O17 - HKLM\System\CCS\Services\Tcpip\..\{ED1F2ECC-F20D-41EC-9EC6-E2F8CF960B46}: NameServer = 208.67.220.220,208.67.222.222
          O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
          O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
          O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
          O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
          O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
          O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
          O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

          --
          End of file - 11563 bytes

          I hope the problem can be fixed, because I'm starting to get pretty despondent about this.
          Pages keep freezing, and programs too; sometimes I can't even log out on pages.
          I don't understand it anymore.....

          Thanks in advance for the trouble taken

          Regards
          Jolanda
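
Added example, not part of the forum thread and not code from SmitFraudFix or HijackThis: a small parser for the `DNS` / `O17` lines in the two logs above, reporting where a static `NameServer` value is set (on Windows a static value takes precedence over the DHCP-assigned `DhcpNameServer`) and whether its resolvers are on a list the owner expects. The function names are hypothetical, the last sample line is constructed with a documentation-range address, and treating the OpenDNS public resolvers 208.67.220.220 and 208.67.222.222 as expected is an assumption for the demonstration.

```python
import re
from collections import defaultdict

# Matches both log shapes seen in the thread:
#   SmitFraudFix:  HKLM\SYSTEM\CCS\Services\Tcpip\..\{GUID}: NameServer=a,b
#   HijackThis:    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = a,b
LINE_RE = re.compile(
    r"""^(?:O17\s+-\s+)?HKLM\\SYSTEM\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\
        (?:\.\.\\(?P<guid>\{[0-9A-Fa-f-]{36}\})|(?P<glob>Parameters))
        :\s*(?P<name>DhcpNameServer|NameServer)\s*=\s*(?P<val>.*)$""",
    re.IGNORECASE | re.VERBOSE,
)

# Assumption for this demo: the owner knowingly configured OpenDNS.
EXPECTED_RESOLVERS = {"208.67.220.220", "208.67.222.222"}

# First four lines are taken from the logs in the post above; the last line
# is CONSTRUCTED (placeholder GUID, TEST-NET-1 addresses) to show a hit.
SAMPLE_LOG = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{618299D3-F8CB-43EF-A740-5DB23576EE8C}: DhcpNameServer=213.51.129.37 213.51.144.37
HKLM\SYSTEM\CCS\Services\Tcpip\..\{618299D3-F8CB-43EF-A740-5DB23576EE8C}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{65805306-2B77-48A9-A881-CFDAAA4C788C}: DhcpNameServer=213.51.129.37 213.51.144.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer=192.0.2.53,192.0.2.54
"""


def parse_dns_lines(text):
    """Return {(control_set, scope): {value_name: [servers]}} from log text."""
    table = defaultdict(dict)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a Tcpip DNS line
        scope = m.group("guid").upper() if m.group("guid") else "Parameters"
        is_dhcp = m.group("name").lower().startswith("dhcp")
        value_name = "DhcpNameServer" if is_dhcp else "NameServer"
        # SmitFraudFix prints DHCP servers space-separated, static ones
        # comma-separated; accept either separator.
        servers = [s for s in re.split(r"[,\s]+", m.group("val").strip()) if s]
        table[(m.group("cs").upper(), scope)][value_name] = servers
    return dict(table)


def audit_static_dns(text, expected):
    """List every key that carries a static NameServer, with two checks:
    does it override a different DHCP-assigned set, and which of its
    resolvers are not in the expected set."""
    findings = []
    for (cs, scope), values in sorted(parse_dns_lines(text).items()):
        static = values.get("NameServer", [])
        if not static:
            continue  # DHCP-only interface, nothing pinned in the registry
        dhcp = values.get("DhcpNameServer", [])
        findings.append({
            "control_set": cs,
            "scope": scope,
            "static": static,
            "overrides_dhcp": bool(dhcp) and set(static) != set(dhcp),
            "unexpected": [s for s in static if s not in expected],
        })
    return findings


if __name__ == "__main__":
    for f in audit_static_dns(SAMPLE_LOG, EXPECTED_RESOLVERS):
        verdict = "REVIEW" if f["unexpected"] else "ok"
        print(f'{verdict:6} {f["control_set"]} {f["scope"]} '
              f'static={",".join(f["static"])} '
              f'overrides_dhcp={f["overrides_dhcp"]}')
```

A key marked `REVIEW` only means its static resolvers are not on the supplied list; whether they are legitimate still has to be checked against what the owner or the ISP configured.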



          • #6
            Empty your Temp folders (Note: empty the folders, do not delete them!!):


            Open Explorer ("My Computer") and choose Tools -> Folder Options...
            Under View, check the following settings:

            Turn off: Hide protected operating system files (Recommended)
            Turn off: Hide extensions for known file types

            Select: Display the contents of system folders (XP only)
            Select: Show hidden files and folders

            C:\Windows\Temp
            C:\Documents and Settings\<user>\Local Settings\Temp
            C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files
            C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files\content.ie5
            <user> stands for your profile name here!!
            If the last folder is not shown, go to the Temporary Internet Files folder, type \content.ie5 after it in the address bar and press Enter.

            Empty your recycle bin.


            Start HijackThis and choose 'Do a system scan only'
            Select only the items listed below:

            O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\{83690E53-043D-4F34-AB5B-15885D51E125}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0013"

            Click 'Fix checked' to remove the items.

            Restart and tell me how things are going now.



            • #7
              No, the DEP error is still there; I had to start it up 2 times again, unfortunately.
              One thing isn't clear to me; I thought I'd rather ask before I delete it.
              Namely, I didn't have C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files\content.ie5, so I did indeed type content.ie5 after it and pressed Enter.
              Then I got the following folders:

              0UVUCOUO
              3GB07ASC
              FLCZO0UL
              P38ZM392
              desktop.ini Configuration settings
              index.dat VideoCD movie

              Do I have to delete all those folders?
              Because when I try to do that I get a warning that some programs might then stop working.

              And in 2 temp folders I can't delete a few files, because a message then appears saying it is full or write-protected.

              I did carry out all the rest, but unfortunately it's still the same problem; I made another HijackThis log:

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 13:45:45, on 27-1-2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16574)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\SYSTEM32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
              C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\arservice.exe
              C:\WINDOWS\eHome\ehRecvr.exe
              C:\WINDOWS\eHome\ehSched.exe
              C:\WINDOWS\SYSTEM32\GEARSEC.EXE
              C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\nvsvc32.exe
              C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
              C:\WINDOWS\system32\PnkBstrA.exe
              C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
              C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\dllhost.exe
              C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
              C:\WINDOWS\ehome\ehtray.exe
              C:\WINDOWS\eHome\ehmsas.exe
              C:\WINDOWS\RTHDCPL.EXE
              C:\WINDOWS\ARPWRMSG.EXE
              C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
              C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
              C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\WINDOWS\system32\RUNDLL32.EXE
              C:\PROGRA~1\KEMailKb\KEMailKb.EXE
              C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
              C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
              C:\Program Files\SPYWAREfighter\spftray.exe
              C:\Program Files\MSN Messenger\MsnMsgr.Exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
              C:\Program Files\SPYWAREfighter\spfprc.exe
              C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
              C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
              C:\Program Files\Trust\Easy Webscan 19200\ScanPanel\ScnPanel.exe
              C:\Program Files\WinZip\WZQKPICK.EXE
              C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
              C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
              C:\Program Files\MSN Messenger\usnsvc.exe
              C:\HP\KBD\KBD.EXE
              c:\windows\system\hpsysdrv.exe
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/?di&from=start.home.nl
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
              R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://start.home.nl/?di
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
              O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
              O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
              O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
              O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
              O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
              O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
              O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
              O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\KEMailKb\KEMailKb.EXE
              O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
              O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]
              O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
              O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
              O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
              O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
              O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
              O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
              O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
              O4 - Global Startup: ScanPanel.lnk = C:\Program Files\Trust\Easy Webscan 19200\ScanPanel\ScnPanel.exe
              O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
              O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
              O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
              O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
              O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
              O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/stg_drm.ocx
              O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/mail/resources/MsnPUpld.cab
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170350151734
              O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
              O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
              O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
              O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Paradise%20Pet%20Salon/Images/armhelper.ocx
              O17 - HKLM\System\CCS\Services\Tcpip\..\{618299D3-F8CB-43EF-A740-5DB23576EE8C}: NameServer = 208.67.220.220,208.67.222.222
              O17 - HKLM\System\CCS\Services\Tcpip\..\{63F71EA7-B2CA-4421-B05E-69993CDFA544}: NameServer = 208.67.220.220,208.67.222.222
              O17 - HKLM\System\CCS\Services\Tcpip\..\{87610CFC-B38A-47F6-8D3A-1EEBE1C82BB5}: NameServer = 208.67.220.220,208.67.222.222
              O17 - HKLM\System\CCS\Services\Tcpip\..\{A1566356-11DF-4D28-8FCB-B7171E843052}: NameServer = 208.67.220.220,208.67.222.222
              O17 - HKLM\System\CCS\Services\Tcpip\..\{BA885009-9ED3-4E26-9CFF-4E629664614E}: NameServer = 208.67.220.220,208.67.222.222
              O17 - HKLM\System\CCS\Services\Tcpip\..\{ED1F2ECC-F20D-41EC-9EC6-E2F8CF960B46}: NameServer = 208.67.220.220,208.67.222.222
              O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
              O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
              O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
              O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
              O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
              O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
              O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
              O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
              O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
              O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
              O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
              O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

              --
              End of file - 11676 bytes

              I hope I'll be rid of the problem soon, because it seems to me that more and more keeps getting added: halfway through startup I suddenly have to log in, which was never the case before.

              Thanks again for the effort; I'm glad you're helping me.

              Regards,
              Jolanda



              • #8
                Just delete these.

                0UVUCOUO
                3GB07ASC
                FLCZO0UL
                P38ZM392


                Download and install CCleaner
                (The CCleaner Yahoo Toolbar is not needed)

                Start CCleaner
                CCleaner lets you choose what should be cleaned up.
                Select at least the following items:
                Internet Explorer:
                - Temporary Internet Files
                System:
                - Empty Recycle Bin
                - Temporary Files

                Now, in CCleaner, click the clean-up button (bottom right).

                Let us know how it goes now.

                Starting Windows 10 in Safe Mode



                • #9
                  1 word: GREAT!!!
                  I even started it up twice because I just couldn't believe it, but it no longer shows the error message. Super, I really wasn't hopeful.
                  You have helped me fantastically.

                  Actually, one more small question (I don't want to nag): during startup (halfway through) I have to log in to Windows; it's a kind of small blue rectangular window.
                  It says user name (I'm not sure, it could also be username or something like that) and below that password (where I don't have to fill in anything, by the way).
                  At the bottom right it says Options and at the bottom left OK; every time I have to press Options and then OK, and then it starts up. I find that quite annoying.
                  I would really like to get rid of it. Is there a way to turn it off? I didn't have it before either, so I would be super happy about that.

                  It would be great if I could get rid of that one too.
                  Thanks again for the effort and for the fact that, thanks to you, the error is gone. I could keep thanking you.

                  Regards,
                  Jolanda
