Lots of popups as soon as I open Internet Explorer


  • Lots of popups as soon as I open Internet Explorer

    Good evening gentlemen,


    For some time now I have been getting an enormous number of popups from advertising sites, including
    c5.zedo.com, brandarama.com.

    Your help is greatly appreciated!


    Spybot picked up the following problems, which were or were not
    removed:

    "Smitfraud-C.CoreServices" (Not removed)
    "Microsoft.WindowsSecurityCenter.FirewallOverride" (Removed)

    With Ad-Aware I found:

    Infections Found
    ===========================
    Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
    Item Id: 1 Value: MRU Path: C:\Documents and Settings\Rene\Onlangs geopend Count: 18
    Item Id: 3 Value: MRU Registry Key: S-1-5-21-2264531483-3462053494-3261611336-1005\Software\Microsoft\Internet Explorer\TypedURLs Count: 2


    Below is the HijackThis log

    ====================

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:00:17, on 23-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\APPS\SMP\SmpSys.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Webteh\BSplayerPro\bsplayer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2083] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8588] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8492] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8746] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172520340390
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

    --
    End of file - 9972 bytes

  • #2
    Download Deckard's System Scanner to your Desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is given permission to do so!
    Your antivirus may also flag DSS as suspicious, or even try to remove it.
    Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan.)



    • #3
      Hi Smeenk, I followed your instructions and posted the log below.

      Thanks in advance
      =====================

      Deckard's System Scanner v20071014.68
      Run by Rene on 2008-03-24 20:06:53
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      49: 2008-03-24 19:06:57 UTC - RP79 - Deckard's System Scanner Restore Point
      48: 2008-03-24 18:00:39 UTC - RP78 - Software Distribution Service 3.0
      47: 2008-03-23 01:03:49 UTC - RP77 - Installed Java(TM) 6 Update 5
      46: 2008-03-22 20:55:25 UTC - RP76 - Software Distribution Service 3.0
      45: 2008-03-21 08:18:21 UTC - RP75 - Software Distribution Service 3.0


      -- First Restore Point --
      1: 2008-02-27 22:12:31 UTC - RP31 - Removed Steinberg Cubase Studio 4


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as Rene.exe) ------------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:07:42, on 24-3-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\APPS\SMP\SmpSys.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Documents and Settings\Rene\Bureaublad\dss.exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\Rene.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: hp psc 1000 series.lnk = ?
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172520340390
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
      O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
      O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
      O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
      O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
      O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

      --
      End of file - 9232 bytes

      -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

      backup-20070820-233031-207 O4 - HKLM\..\Run: [Base frag grid bows] C:\Documents and Settings\All Users\Application Data\Cast ping base frag\Hold Grim.exe
      backup-20070820-233031-290 O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

      -- File Associations -----------------------------------------------------------

      .js - unable to read key
      .js - unable to read key


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R1 npfss - c:\windows\system32\drivers\npfss.sys
      R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
      R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
      R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

      S0 pe3ah4nc (DiRT Environment Driver (pe3ah4nc)) - c:\windows\system32\drivers\pe3ah4nc.sys (file missing)
      S0 viamraid - c:\windows\system32\drivers\viamraid.sys <Not Verified; VIA Technologies inc,.ltd; VIA RAID driver>
      S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
      R2 Bonjour Service (Bonjour-service) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
      R2 USBDeviceService - c:\program files\sonic\digitalmedia le v7\mydvd le\usbdeviceservice.exe <Not Verified; ; USBDeviceService Module>


      -- Device Manager: Disabled ----------------------------------------------------

      No disabled devices found.


      -- Scheduled Tasks -------------------------------------------------------------

      2008-02-25 13:31:02 388 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1200313847.job
      2008-01-12 17:41:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


      -- Files created between 2008-02-24 and 2008-03-24 -----------------------------

      2008-03-24 18:59:39 0 d-------- C:\WINDOWS\LastGood
      2008-03-22 22:32:45 0 dr-h----- C:\Documents and Settings\Rene\Onlangs geopend
      2008-03-19 22:54:20 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-03-19 22:53:49 0 d-------- C:\Program Files\SpywareBlaster
      2008-03-19 22:44:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-03-19 22:38:09 0 d-------- C:\Program Files\CCleaner
      2008-03-17 22:37:43 0 d-------- C:\Program Files\iPod
      2008-03-17 22:37:37 0 d-------- C:\Program Files\iTunes
      2008-03-17 22:37:19 22528 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Jukka Poikolainen Software; wnaspi32.dll>
      2008-03-17 22:37:19 16512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
      2008-03-17 22:23:58 0 d-------- C:\Program Files\4Musics Multiformat Converter
      2008-03-11 17:10:15 0 d-------- C:\Program Files\Codemasters
      2008-03-10 11:48:04 86144 --a------ C:\WINDOWS\system32\drivers\npfss.sys
      2008-03-09 01:17:50 0 d-------- C:\DVD_9
      2008-03-09 00:58:25 0 d-------- C:\Program Files\DVD Shrink
      2008-03-09 00:58:25 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
      2008-03-08 22:36:53 0 d-------- C:\Program Files\Keyword Elite
      2008-03-05 13:00:48 0 d-------- C:\Documents and Settings\Zoe\Application Data\Apple Computer
      2008-03-03 10:31:40 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
      2008-03-01 17:06:23 74 --a------ C:\WINDOWS\Logic
      2008-03-01 17:05:25 75 --a------ C:\WINDOWS\Memory
      2008-03-01 16:55:58 76 --a------ C:\WINDOWS\Spatial
      2008-03-01 16:49:32 78 --a------ C:\WINDOWS\Numerical
      2008-03-01 16:49:21 75 --a------ C:\WINDOWS\Verbal
      2008-03-01 16:47:12 73 --a------ C:\WINDOWS\Times New Roman
      2008-03-01 16:46:44 0 d-------- C:\WINDOWS\system32\Brain Trainer
      2008-03-01 16:46:06 0 d-------- C:\Program Files\Mindscape
      2008-02-29 13:30:12 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
      2008-02-29 13:30:12 761856 --a------ C:\WINDOWS\system32\xvidcore.dll
      2008-02-29 13:30:12 0 d-------- C:\Program Files\XviD
      2008-02-28 15:21:47 0 d-------- C:\Program Files\Finale SongWriter 2007
      2008-02-28 14:50:12 0 d-------- C:\ASK Video
      2008-02-28 14:34:36 0 d-------- C:\Program Files\DAMN NFO Viewer
      2008-02-28 01:36:17 0 d-------- C:\Program Files\Garritan Instruments for Finale
      2008-02-28 01:36:13 0 d-------- C:\Program Files\Kontakt Player 2
      2008-02-28 01:34:15 0 d-------- C:\PSFONTS
      2008-02-28 01:33:20 0 d-------- C:\Program Files\Finale 2008
      2008-02-28 01:10:19 0 d-------- C:\Program Files\PowerISO
      2008-02-28 00:25:56 16896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys <Not Verified; SIA Syncrosoft; USB protection device>
      2008-02-28 00:25:28 45056 --a------ C:\WINDOWS\system32\Synsopos.exe <Not Verified; SIA Syncrosoft; Syncrosoft Synsopos>
      2008-02-28 00:25:26 147456 --a------ C:\WINDOWS\system32\SynsoLChk.dll <Not Verified; SIA Syncrosoft; >
      2008-02-28 00:25:25 0 d-------- C:\Program Files\Syncrosoft
      2008-02-27 23:28:54 0 d-------- C:\Documents and Settings\Rene\Application Data\Ahead
      2008-02-26 23:21:20 0 d-------- C:\Program Files\Common Files\Steinberg
      2008-02-26 23:21:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Steinberg
      2008-02-26 23:16:49 765952 --a------ C:\WINDOWS\system32\synsoacc.dll <Not Verified; SIA Syncrosoft; SYNCROSOFT SYNSOACC>
      2008-02-26 23:15:51 0 d-------- C:\Program Files\Steinberg
      2008-02-26 23:15:51 0 d-------- C:\Documents and Settings\Rene\Application Data\Steinberg
      2008-02-26 23:01:37 0 d-------- C:\Program Files\ARAR
      2008-02-26 20:39:02 0 d-------- C:\Documents and Settings\Rene\Downloads
      2008-02-26 20:38:59 0 d-------- C:\Documents and Settings\Rene\Application Data\NewsLeecher
      2008-02-25 14:35:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
      2008-02-25 14:22:34 0 d-------- C:\Program Files\MagicISO
      2008-02-25 10:37:39 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
      2008-02-25 10:37:39 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
      2008-02-25 10:37:11 561952 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
      2008-02-25 10:37:11 28609312 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
      2008-02-25 10:37:11 0 d-------- C:\Program Files\Kaspersky Lab
      2008-02-25 10:37:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab


      -- Find3M Report ---------------------------------------------------------------

      2008-03-23 02:05:02 0 d-------- C:\Program Files\Java
      2008-03-23 02:04:31 0 d-------- C:\Program Files\eMule
      2008-03-23 02:02:54 0 d-------- C:\Documents and Settings\Rene\Application Data\uTorrent
      2008-03-21 10:50:11 597 --a------ C:\WINDOWS\0
      2008-03-19 22:44:08 0 d-------- C:\Program Files\Common Files
      2008-03-17 22:52:47 0 d-------- C:\Documents and Settings\Rene\Application Data\foobar2000
      2008-03-17 22:39:30 0 d-------- C:\Program Files\QuickTime
      2008-03-11 21:30:35 0 d-------- C:\Program Files\Bonjour
      2008-03-11 17:10:20 0 d--h----- C:\Program Files\InstallShield Installation Information
      2008-03-11 16:11:53 0 d-------- C:\Documents and Settings\Rene\Application Data\BSplayer PRO
      2008-03-11 16:10:03 0 d-------- C:\Program Files\Webteh
      2008-03-03 10:32:28 0 d-------- C:\Documents and Settings\Rene\Application Data\Adobe
      2008-03-03 10:31:37 0 d-------- C:\Program Files\Common Files\Adobe
      2008-02-29 13:30:58 0 d-------- C:\Program Files\DivX
      2008-02-25 12:00:58 43 --a------ C:\WINDOWS\1
      2008-02-24 20:06:35 0 d-------- C:\Documents and Settings\Rene\Application Data\Vso
      2008-02-22 17:40:22 514244 --a------ C:\WINDOWS\system32\perfh013.dat
      2008-02-22 17:40:22 92968 --a------ C:\WINDOWS\system32\perfc013.dat
      2008-02-22 17:28:44 0 --a------ C:\CONFIG.SYS
      2008-02-22 17:28:44 0 --a------ C:\AUTOEXEC.BAT
      2008-02-22 17:15:27 34440 --a------ C:\WINDOWS\system32\emptyregdb.dat
      2008-02-01 13:46:58 34 --a------ C:\Documents and Settings\Rene\Application Data\pcouffin.log
      2008-02-01 13:46:30 47360 --a------ C:\Documents and Settings\Rene\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
      2008-02-01 13:46:30 1144 --a------ C:\Documents and Settings\Rene\Application Data\pcouffin.inf
      2008-02-01 13:46:30 7887 --a------ C:\Documents and Settings\Rene\Application Data\pcouffin.cat
      2008-02-01 13:46:29 0 d-------- C:\Program Files\VSO
      2008-01-31 14:01:47 0 d-------- C:\Program Files\Philips
      2008-01-24 22:28:42 0 d-------- C:\Program Files\foobar2000
      2008-01-15 14:44:14 2721077 --a------ C:\WINDOWS\system32\exec1.exe
      2008-01-14 13:30:46 19575 --a------ C:\WINDOWS\hpoins01.dat


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22-10-2006 12:22]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10-10-2007 19:51]
      "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [22-08-2004 17:05]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 11:50]
      "PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [15-12-2005 10:38]
      "nwiz"="nwiz.exe" [22-10-2006 12:22 C:\WINDOWS\system32\nwiz.exe]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [22-10-2006 12:22]
      "RTHDCPL"="RTHDCPL.EXE" [18-05-2006 13:27 C:\WINDOWS\RTHDCPL.exe]
      "SkyTel"="SkyTel.EXE" [16-05-2006 17:04 C:\WINDOWS\SkyTel.exe]
      "Alcmtr"="ALCMTR.EXE" [03-05-2005 17:43 C:\WINDOWS\Alcmtr.exe]
      "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [10-08-2004 04:04]
      "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [30-01-2008 18:53]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31-01-2008 23:13]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19-02-2008 13:10]
      "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [07-08-2007 01:05]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [02-09-2004 13:00]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13-10-2004 17:24]
      "SmpcSys"="C:\APPS\SMP\SmpSys.exe" [08-12-2005 16:39]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [27-04-2007 20:15]
      "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [14-04-2005 16:56]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [9-4-2003 18:21:38]
      hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [9-4-2003 18:11:12]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
      "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"




      -- Hosts -----------------------------------------------------------------------

      127.0.0.1 bin.errorprotector.com ## added by CiD
      127.0.0.1 br.errorsafe.com ## added by CiD
      127.0.0.1 br.winantivirus.com ## added by CiD
      127.0.0.1 br.winfixer.com ## added by CiD
      127.0.0.1 cdn.drivecleaner.com ## added by CiD
      127.0.0.1 cdn.errorsafe.com ## added by CiD
      127.0.0.1 cdn.winsoftware.com ## added by CiD
      127.0.0.1 de.errorsafe.com ## added by CiD
      127.0.0.1 de.winantivirus.com ## added by CiD
      127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

      60 more entries in hosts file.


      -- End of Deckard's System Scanner: finished at 2008-03-24 20:08:32 ------------



      • #4
        Download: RVAXO.exe
        • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
        • Start the computer in safe mode.
        • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
          A cmd window will open; a few lines about files that were not found will scroll past quickly, this is normal.
        • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
        • After that your PC will restart; let it start in normal mode again now. After the restart the RVAXO cmd window opens again.
          Let it run and wait until a log file opens: C:\RVAXO-results.log
        • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
        • Post the contents of the log file in your next message.
        Also post a new log from Deckard's System Scanner



        • #5
          Log files below:

          RVAXO:

          ---RVAXO.exe Updated: 2008-03-24---first run---
          Uninstallers:

          Files found:
          C:\WINDOWS\system32\vbzip11.dll
          C:\WINDOWS\system32\drivers\npfss.sys
          C:\WINDOWS\system32\drivers\core.cache.dsk
          C:\WINDOWS\system32\exec1.exe

          Folders Found:
          C:\Temp\tn3

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------
          Not deleted items:

          --------------RVAXO.exe finished----------------

          and




          Deckard's System Scanner v20071014.68
          Run by Rene on 2008-03-24 20:38:44
          Computer is in Normal Mode.
          --------------------------------------------------------------------------------



          -- HijackThis (run as Rene.exe) ------------------------------------------------

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 20:38:46, on 24-3-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\WINDOWS\eHome\ehRecvr.exe
          C:\WINDOWS\eHome\ehSched.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
          C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
          C:\WINDOWS\system32\notepad.exe
          C:\WINDOWS\system32\dllhost.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
          C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
          C:\WINDOWS\RTHDCPL.EXE
          C:\WINDOWS\ehome\ehtray.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\APPS\SMP\SmpSys.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
          C:\WINDOWS\system32\wscntfy.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
          C:\Documents and Settings\Rene\Bureaublad\dss.exe
          C:\PROGRA~1\TRENDM~1\HIJACK~1\Rene.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
          O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
          O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: hp psc 1000 series.lnk = ?
          O4 - Global Startup: hpoddt01.exe.lnk = ?
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
          O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
          O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
          O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
          O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
          O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
          O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172520340390
          O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
          O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
          O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
          O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
          O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
          O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
          O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
          O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
          O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

          --
          End of file - 9331 bytes

          -- Files created between 2008-02-24 and 2008-03-24 -----------------------------

          2008-03-24 20:35:40 0 d-------- C:\WINDOWS\LastGood
          2008-03-24 20:34:21 0 d-------- C:\RVAXO
          2008-03-24 20:32:34 756903 --a------ C:\WINDOWS\system32\RVAXO.bat
          2008-03-24 20:32:34 69632 --a------ C:\WINDOWS\system32\remove.exe
          2008-03-22 22:32:45 0 dr-h----- C:\Documents and Settings\Rene\Onlangs geopend
          2008-03-19 22:54:20 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
          2008-03-19 22:53:49 0 d-------- C:\Program Files\SpywareBlaster
          2008-03-19 22:44:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
          2008-03-19 22:38:09 0 d-------- C:\Program Files\CCleaner
          2008-03-17 22:37:43 0 d-------- C:\Program Files\iPod
          2008-03-17 22:37:37 0 d-------- C:\Program Files\iTunes
          2008-03-17 22:37:19 22528 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Jukka Poikolainen Software; wnaspi32.dll>
          2008-03-17 22:37:19 16512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
          2008-03-17 22:23:58 0 d-------- C:\Program Files\4Musics Multiformat Converter
          2008-03-11 17:10:15 0 d-------- C:\Program Files\Codemasters
          2008-03-09 01:17:50 0 d-------- C:\DVD_9
          2008-03-09 00:58:25 0 d-------- C:\Program Files\DVD Shrink
          2008-03-09 00:58:25 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
          2008-03-08 22:36:53 0 d-------- C:\Program Files\Keyword Elite
          2008-03-05 13:00:48 0 d-------- C:\Documents and Settings\Zoe\Application Data\Apple Computer
          2008-03-03 10:31:40 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
          2008-03-01 17:06:23 74 --a------ C:\WINDOWS\Logic
          2008-03-01 17:05:25 75 --a------ C:\WINDOWS\Memory
          2008-03-01 16:55:58 76 --a------ C:\WINDOWS\Spatial
          2008-03-01 16:49:32 78 --a------ C:\WINDOWS\Numerical
          2008-03-01 16:49:21 75 --a------ C:\WINDOWS\Verbal
          2008-03-01 16:47:12 73 --a------ C:\WINDOWS\Times New Roman
          2008-03-01 16:46:44 0 d-------- C:\WINDOWS\system32\Brain Trainer
          2008-03-01 16:46:06 0 d-------- C:\Program Files\Mindscape
          2008-02-29 13:30:12 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
          2008-02-29 13:30:12 761856 --a------ C:\WINDOWS\system32\xvidcore.dll
          2008-02-29 13:30:12 0 d-------- C:\Program Files\XviD
          2008-02-28 15:21:47 0 d-------- C:\Program Files\Finale SongWriter 2007
          2008-02-28 14:50:12 0 d-------- C:\ASK Video
          2008-02-28 14:34:36 0 d-------- C:\Program Files\DAMN NFO Viewer
          2008-02-28 01:36:17 0 d-------- C:\Program Files\Garritan Instruments for Finale
          2008-02-28 01:36:13 0 d-------- C:\Program Files\Kontakt Player 2
          2008-02-28 01:34:15 0 d-------- C:\PSFONTS
          2008-02-28 01:33:20 0 d-------- C:\Program Files\Finale 2008
          2008-02-28 01:10:19 0 d-------- C:\Program Files\PowerISO
          2008-02-28 00:25:56 16896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys <Not Verified; SIA Syncrosoft; USB protection device>
          2008-02-28 00:25:28 45056 --a------ C:\WINDOWS\system32\Synsopos.exe <Not Verified; SIA Syncrosoft; Syncrosoft Synsopos>
          2008-02-28 00:25:26 147456 --a------ C:\WINDOWS\system32\SynsoLChk.dll <Not Verified; SIA Syncrosoft; >
          2008-02-28 00:25:25 0 d-------- C:\Program Files\Syncrosoft
          2008-02-27 23:28:54 0 d-------- C:\Documents and Settings\Rene\Application Data\Ahead
          2008-02-26 23:21:20 0 d-------- C:\Program Files\Common Files\Steinberg
          2008-02-26 23:21:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Steinberg
          2008-02-26 23:16:49 765952 --a------ C:\WINDOWS\system32\synsoacc.dll <Not Verified; SIA Syncrosoft; SYNCROSOFT SYNSOACC>
          2008-02-26 23:15:51 0 d-------- C:\Program Files\Steinberg
          2008-02-26 23:15:51 0 d-------- C:\Documents and Settings\Rene\Application Data\Steinberg
          2008-02-26 23:01:37 0 d-------- C:\Program Files\ARAR
          2008-02-26 20:39:02 0 d-------- C:\Documents and Settings\Rene\Downloads
          2008-02-26 20:38:59 0 d-------- C:\Documents and Settings\Rene\Application Data\NewsLeecher
          2008-02-25 14:35:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
          2008-02-25 14:22:34 0 d-------- C:\Program Files\MagicISO
          2008-02-25 10:37:39 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
          2008-02-25 10:37:39 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
          2008-02-25 10:37:11 569888 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
          2008-02-25 10:37:11 28686368 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
          2008-02-25 10:37:11 0 d-------- C:\Program Files\Kaspersky Lab
          2008-02-25 10:37:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab


          -- Find3M Report ---------------------------------------------------------------

          2008-03-24 20:29:51 0 d-------- C:\Documents and Settings\Rene\Application Data\uTorrent
          2008-03-23 02:05:02 0 d-------- C:\Program Files\Java
          2008-03-23 02:04:31 0 d-------- C:\Program Files\eMule
          2008-03-21 10:50:11 597 --a------ C:\WINDOWS\0
          2008-03-19 22:44:08 0 d-------- C:\Program Files\Common Files
          2008-03-17 22:52:47 0 d-------- C:\Documents and Settings\Rene\Application Data\foobar2000
          2008-03-17 22:39:30 0 d-------- C:\Program Files\QuickTime
          2008-03-11 21:30:35 0 d-------- C:\Program Files\Bonjour
          2008-03-11 17:10:20 0 d--h----- C:\Program Files\InstallShield Installation Information
          2008-03-11 16:11:53 0 d-------- C:\Documents and Settings\Rene\Application Data\BSplayer PRO
          2008-03-11 16:10:03 0 d-------- C:\Program Files\Webteh
          2008-03-03 10:32:28 0 d-------- C:\Documents and Settings\Rene\Application Data\Adobe
          2008-03-03 10:31:37 0 d-------- C:\Program Files\Common Files\Adobe
          2008-02-29 13:30:58 0 d-------- C:\Program Files\DivX
          2008-02-25 12:00:58 43 --a------ C:\WINDOWS\1
          2008-02-24 20:06:35 0 d-------- C:\Documents and Settings\Rene\Application Data\Vso
          2008-02-22 17:40:22 514244 --a------ C:\WINDOWS\system32\perfh013.dat
          2008-02-22 17:40:22 92968 --a------ C:\WINDOWS\system32\perfc013.dat
          2008-02-22 17:28:44 0 --a------ C:\CONFIG.SYS
          2008-02-22 17:28:44 0 --a------ C:\AUTOEXEC.BAT
          2008-02-22 17:15:27 34440 --a------ C:\WINDOWS\system32\emptyregdb.dat
          2008-02-01 13:46:58 34 --a------ C:\Documents and Settings\Rene\Application Data\pcouffin.log
          2008-02-01 13:46:30 47360 --a------ C:\Documents and Settings\Rene\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
          2008-02-01 13:46:30 1144 --a------ C:\Documents and Settings\Rene\Application Data\pcouffin.inf
          2008-02-01 13:46:30 7887 --a------ C:\Documents and Settings\Rene\Application Data\pcouffin.cat
          2008-02-01 13:46:29 0 d-------- C:\Program Files\VSO
          2008-01-31 14:01:47 0 d-------- C:\Program Files\Philips
          2008-01-24 22:28:42 0 d-------- C:\Program Files\foobar2000
          2008-01-14 13:30:46 19575 --a------ C:\WINDOWS\hpoins01.dat


          -- Registry Dump ---------------------------------------------------------------

          *Note* empty entries & legit default entries are not shown


          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 04:25]
          "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22-10-2006 12:22]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10-10-2007 19:51]
          "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [22-08-2004 17:05]
          "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09-07-2001 11:50]
          "PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [15-12-2005 10:38]
          "nwiz"="nwiz.exe" [22-10-2006 12:22 C:\WINDOWS\system32\nwiz.exe]
          "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [22-10-2006 12:22]
          "RTHDCPL"="RTHDCPL.EXE" [18-05-2006 13:27 C:\WINDOWS\RTHDCPL.exe]
          "SkyTel"="SkyTel.EXE" [16-05-2006 17:04 C:\WINDOWS\SkyTel.exe]
          "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [10-08-2004 04:04]
          "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31-01-2008 23:13]
          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19-02-2008 13:10]
          "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [07-08-2007 01:05]
          "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [30-01-2008 18:53]

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [02-09-2004 13:00]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13-10-2004 17:24]
          "SmpcSys"="C:\APPS\SMP\SmpSys.exe" [08-12-2005 16:39]
          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [27-04-2007 20:15]
          "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [14-04-2005 16:56]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [9-4-2003 18:21:38]
          hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [9-4-2003 18:11:12]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
          "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
          "appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
          @="Service"




          -- End of Deckard's System Scanner: finished at 2008-03-24 20:39:29 ------------



          • #6
            Go to Start - Run and enter the following there:
            sc delete npfss
            Then press OK.

            Open the RVAXO folder on your desktop and double-click Uninstall.cmd
            This will remove everything belonging to RVAXO.

            Download ATF cleaner (mirror) (made by Atribune)

            Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

            Double-click ATF cleaner to start the program.
            On the "Main" tab, place a check mark next to Select All.
            Click the Empty Selected button.

            Do the following if you also have Firefox as a browser:
            Click the "Firefox" tab and place a check mark next to Select All.
            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
            (this clears the check mark next to "Firefox saved passwords" again)
            Click the Empty Selected button.

            Do the following if you also have Opera as a browser:
            Click the "Opera" tab and place a check mark next to Select All.
            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
            Click the Empty Selected button.
            Go to the "Main" tab and click the Exit button to close the program.

            Turn off System Restore. Restart the computer. Turn System Restore back on.
            See here how to turn off your System Restore.
            This removes any remnants of the infections from your System Restore.

            Let me know whether there are still any problems



            • #7
              Hey Smeenk! It looks like the problem is solved, no more annoying pop-ups.

              Thanks a lot! My compliments!

              Knopsolino



              • #8
                You're welcome
