Mededeling

Collapse
No announcement yet.

Geblokkeerde opstartprogramma's

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Geblokkeerde opstartprogramma's

    Bijgaand mijn log en een vraag.
    Ik krijg steeds de melding dat een geblokkeerd opstartprogramma uitgevoerd wil worden. Het heet system.exe. Kan iemand me vertellen wat te doen?

    Indien ook andere regels verwijderd dienen te worden hoor ik het graag.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:24:23, on 4-5-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\system32\schtasks.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\SurfRight\Caretaker\Notifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    E:\HiJackThis.exe

    O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe
    O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
    O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
    O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 3847 bytes

  • #2
    geblokkeerde opstartprogramma's

    De logfile was niet compleet, sorry.

    ogfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:28:13, on 4-5-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\system32\schtasks.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\SurfRight\Caretaker\Notifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    E:\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [java] system.exe
    O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe
    O4 - HKLM\..\RunServices: [java] system.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1079369877-1437950494-3656049165-1002\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Anne')
    O4 - HKUS\S-1-5-21-1079369877-1437950494-3656049165-1002\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Anne')
    O4 - HKUS\S-1-5-21-1079369877-1437950494-3656049165-1002\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Anne')
    O4 - HKUS\S-1-5-21-1079369877-1437950494-3656049165-1002\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Anne')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AOL-werkbalk Search - c:\program files\aol\aol toolbar 5.0\resources\nl-NL\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe
    O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
    O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
    O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 9907 bytes

    Comment


    • #3
      Download: RVAXO.exe
      • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
      • Start de computer in veilige modus.
      • Open nu de map RVAXO op je bureaublad en rechtsklik op RunMe.cmd kies vervolgens voor "Run as administrator".
        Dubbelklik nu RunMe.cmd
        Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
      • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
      • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
        Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
      • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
      • Post de inhoud van de logfile in je volgende bericht.


      Download Deckard's System Scanner naar je Bureaublad.
      • Sluit alle toepassingen en vensters.
      • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
      • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
      • Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

      Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
      - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
      Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
      Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)

      Comment


      • #4
        RVAXO results:
        ---RVAXO.exe Updated: 2008-05-05---first run---
        Uninstallers:

        Files found:

        Folders Found:


        --------------RVAXO.exe last run---------------
        Not deleted items:

        --------------RVAXO.exe finished----------------

        en dss file:

        Deckard's System Scanner v20071014.68
        Run by Fred on 2008-05-07 20:30:59
        Computer is in Normal Mode.
        --------------------------------------------------------------------------------



        -- HijackThis (run as Fred.exe) ------------------------------------------------

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 20:31:54, on 7-5-2008
        Platform: Windows Vista (WinNT 6.00.1904)
        MSIE: Internet Explorer v7.00 (7.00.6000.16643)
        Boot mode: Normal

        Running processes:
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Program Files\Windows Defender\MSASCui.exe
        C:\hp\support\hpsysdrv.exe
        C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
        C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
        C:\Windows\RtHDVCpl.exe
        c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
        C:\Windows\System32\rundll32.exe
        C:\Program Files\SurfRight\Caretaker\Notifier.exe
        C:\Windows\ehome\ehtray.exe
        C:\Program Files\Google\Google Updater\GoogleUpdater.exe
        C:\Windows\System32\rundll32.exe
        C:\Windows\ehome\ehmsas.exe
        C:\Windows\System32\mobsync.exe
        C:\Program Files\Windows Mail\WinMail.exe
        C:\hp\kbd\kbd.exe
        C:\Program Files\Internet Explorer\IEUser.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Users\Fred\Desktop\dss.exe
        C:\Windows\system32\SearchFilterHost.exe
        E:\Fred.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=desktop
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=desktop
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        O1 - Hosts: ::1 localhost
        O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
        O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
        O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
        O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
        O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
        O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
        O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
        O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
        O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
        O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
        O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
        O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe
        O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
        O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
        O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
        O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: &AOL-werkbalk Search - c:\program files\aol\aol toolbar 5.0\resources\nl-NL\local\search.html
        O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
        O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
        O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
        O13 - Gopher Prefix:
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
        O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe
        O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
        O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
        O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
        O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
        O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
        O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
        O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
        O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

        --
        End of file - 9123 bytes

        -- Files created between 2008-04-07 and 2008-05-07 -----------------------------

        2008-05-07 20:25:11 0 d-------- C:\RVAXO
        2008-05-07 20:19:29 818715 --a------ C:\Windows\system32\RVAXO.bat
        2008-05-07 20:19:29 69632 --a------ C:\Windows\system32\remove.exe
        2008-04-29 08:42:53 0 d-------- C:\Program Files\Skype
        2008-04-29 08:42:53 0 d-------- C:\Program Files\Common Files\Skype
        2008-04-29 08:42:48 0 d-------- C:\Users\All Users\Skype
        2008-04-29 08:42:11 0 d-------- C:\Users\All Users\Mozilla
        2008-04-29 08:42:05 0 d-------- C:\Program Files\Picasa2
        2008-04-29 08:41:39 0 d-------- C:\Users\All Users\Google Updater
        2008-04-28 16:36:52 0 d-------- C:\Program Files\Rockstar Games
        2008-04-19 23:46:09 0 d-------- C:\Users\All Users\Ahead
        2008-04-19 23:46:07 106496 --a------ C:\Windows\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
        2008-04-19 23:46:07 38912 -----n--- C:\Windows\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
        2008-04-19 23:46:00 0 d-------- C:\Program Files\Common Files\Ahead
        2008-04-14 19:18:48 0 d-------- C:\Users\All Users\DVD Shrink
        2008-04-13 19:27:45 0 d-------- C:\Windows\pss
        2008-04-13 09:33:09 0 d-------- C:\Program Files\NT Registry Optimizer
        2008-04-12 22:21:13 0 d-a------ C:\Users\All Users\TEMP
        2008-04-12 22:21:01 0 d-------- C:\Program Files\Spyware Doctor
        2008-04-12 22:20:13 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
        2008-04-12 22:19:42 0 d-------- C:\Program Files\Lavasoft
        2008-04-12 22:19:08 0 d-------- C:\Program Files\SpywareBlaster
        2008-04-12 22:11:21 0 d-------- C:\Users\All Users\Prevx
        2008-04-12 22:07:15 0 d-------- C:\Users\All Users\SurfRight
        2008-04-12 22:07:15 0 d-------- C:\Program Files\SurfRight
        2008-04-12 22:05:36 0 d-------- C:\Program Files\Hitman Pro
        2008-04-12 14:26:44 0 d-------- C:\Program Files\Microsoft Silverlight
        2008-04-10 20:10:39 0 d-------- C:\Program Files\MSXML 4.0
        2008-04-10 00:08:36 0 d-------- C:\Users\All Users\LightScribe
        2008-04-10 00:00:22 0 d-------- C:\Users\All Users\Nero
        2008-04-10 00:00:22 0 d-------- C:\Program Files\Nero
        2008-04-10 00:00:22 0 d-------- C:\Program Files\Common Files\Nero
        2008-04-08 21:06:56 266240 --a------ C:\Windows\system32\hpdj <Not Verified; HP; HP DeskJet>
        2008-04-07 08:26:10 0 dr------- C:\Users\Anne\Searches
        2008-04-07 08:26:01 0 dr------- C:\Users\Anne\Contacts
        2008-04-07 08:25:55 0 dr------- C:\Users\Anne\Videos
        2008-04-07 08:25:55 0 d--hs---- C:\Users\Anne\Sjablonen
        2008-04-07 08:25:55 0 d--hs---- C:\Users\Anne\SendTo
        2008-04-07 08:25:55 0 dr------- C:\Users\Anne\Saved Games
        2008-04-07 08:25:55 0 d--hs---- C:\Users\Anne\Recent
        2008-04-07 08:25:55 0 dr------- C:\Users\Anne\Pictures
        2008-04-07 08:25:55 1310720 --ahs---- C:\Users\Anne\NTUSER.DAT
        2008-04-07 08:25:55 0 d--hs---- C:\Users\Anne\Netwerkprinteromgeving
        2008-04-07 08:25:55 0 d--hs---- C:\Users\Anne\NetHood
        2008-04-07 08:25:55 0 dr------- C:\Users\Anne\Music
        2008-04-07 08:25:55 0 d--hs---- C:\Users\Anne\Mijn documenten
        2008-04-07 08:25:55 0 d--hs---- C:\Users\Anne\Menu Start
        2008-04-07 08:25:55 0 d--hs---- C:\Users\Anne\Local Settings
        2008-04-07 08:25:55 0 dr------- C:\Users\Anne\Links
        2008-04-07 08:25:55 0 dr------- C:\Users\Anne\Favorites
        2008-04-07 08:25:55 0 dr------- C:\Users\Anne\Downloads
        2008-04-07 08:25:55 0 dr------- C:\Users\Anne\Documents
        2008-04-07 08:25:55 0 dr------- C:\Users\Anne\Desktop
        2008-04-07 08:25:55 0 d--hs---- C:\Users\Anne\Cookies
        2008-04-07 08:25:55 0 d--hs---- C:\Users\Anne\Application Data
        2008-04-07 08:25:55 0 d--h----- C:\Users\Anne\AppData


        -- Find3M Report ---------------------------------------------------------------

        2008-05-07 20:29:21 689380 --a------ C:\Windows\system32\perfh013.dat
        2008-05-07 20:29:21 122590 --a------ C:\Windows\system32\perfc013.dat
        2008-05-07 19:34:49 0 d-------- C:\Users\Fred\AppData\Roaming\LimeWire
        2008-05-04 21:50:34 0 d-------- C:\Users\Fred\AppData\Roaming\Skype
        2008-04-29 09:17:06 0 d-------- C:\Users\Fred\AppData\Roaming\Google
        2008-04-29 09:09:55 0 d-------- C:\Program Files\LimeWire
        2008-04-29 08:44:33 0 d-------- C:\Users\Fred\AppData\Roaming\Talkback
        2008-04-29 08:44:06 0 d-------- C:\Users\Fred\AppData\Roaming\Mozilla
        2008-04-29 08:42:53 0 d-------- C:\Program Files\Common Files
        2008-04-29 08:42:34 0 d-------- C:\Program Files\Google
        2008-04-28 16:37:18 0 d--h----- C:\Program Files\InstallShield Installation Information
        2008-04-21 19:41:13 0 d-------- C:\Program Files\Windows Live Toolbar
        2008-04-12 22:22:10 0 d-------- C:\Users\Fred\AppData\Roaming\Lavasoft
        2008-04-12 22:21:01 0 d-------- C:\Users\Fred\AppData\Roaming\PC Tools
        2008-04-10 20:33:29 0 d-------- C:\Users\Fred\AppData\Roaming\DNA
        2008-04-10 00:20:09 0 d-------- C:\Program Files\Windows Mail
        2008-04-10 00:02:42 0 d-------- C:\Users\Fred\AppData\Roaming\Nero
        2008-04-09 20:23:46 0 d-------- C:\Program Files\Online Services
        2008-04-08 21:09:16 0 d-------- C:\Program Files\Hewlett-Packard
        2008-04-08 21:09:15 0 d-------- C:\Program Files\HP
        2008-04-06 19:06:30 0 d-------- C:\Program Files\Common Files\Adobe
        2008-04-06 18:59:30 0 d-------- C:\Users\Fred\AppData\Roaming\Adobe
        2008-04-05 00:47:51 0 d-------- C:\Users\Fred\AppData\Roaming\BitTorrent
        2008-04-04 18:46:05 0 d-------- C:\Program Files\EA Sports
        2008-04-02 08:26:59 0 d-------- C:\Users\Fred\AppData\Roaming\Mijn Battle for Middle-earth™ II-bestanden
        2008-04-01 15:59:41 0 d-------- C:\Users\Fred\AppData\Roaming\CyberLink
        2008-03-31 19:39:24 0 d-------- C:\Program Files\Electronic Arts
        2008-03-30 17:42:43 0 d-------- C:\Program Files\Windows Live Favorites
        2008-03-30 17:41:49 0 d-------- C:\Program Files\Windows Live
        2008-03-30 17:41:36 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
        2008-03-29 16:45:51 4608 --a------ C:\Windows\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
        2008-03-29 16:45:51 2272 --a------ C:\Windows\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
        2008-03-29 16:45:43 0 d-------- C:\Program Files\Catan
        2008-03-29 13:22:30 0 d-------- C:\Program Files\Norton Internet Security
        2008-03-29 13:22:29 0 d-------- C:\Program Files\Common Files\Symantec Shared
        2008-03-29 12:48:04 0 dr-h----- C:\Users\Fred\AppData\Roaming\SecuROM
        2008-03-29 12:36:27 0 d-------- C:\Program Files\BitTorrent
        2008-03-29 12:36:21 0 d-------- C:\Program Files\DNA
        2008-03-29 12:17:00 0 d-------- C:\Program Files\Symantec
        2008-03-28 23:49:27 0 d-------- C:\Program Files\Windows Sidebar
        2008-03-28 23:40:16 0 d-------- C:\Users\Fred\AppData\Roaming\Symantec
        2008-03-28 23:39:37 0 d-------- C:\Users\Fred\AppData\Roaming\Identities
        2008-03-28 23:34:40 0 d-------- C:\Users\Fred\AppData\Roaming\Macromedia
        2008-03-28 23:34:02 0 d-------- C:\Users\Fred\AppData\Roaming\Hewlett-Packard
        2008-03-28 23:27:43 0 d-------- C:\Program Files\Windows NT


        -- Registry Dump ---------------------------------------------------------------

        *Note* empty entries & legit default entries are not shown


        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
        24-08-2007 15:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
        29-03-2008 00:16 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11-01-2008 14:17]
        "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [18-04-2007 17:01]
        "KBD"="C:\HP\KBD\KbdStub.EXE" [08-12-2006 18:16]
        "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [15-02-2007 13:59]
        "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [12-07-2007 17:36]
        "RtHDVCpl"="RtHDVCpl.exe" [25-10-2007 15:52 C:\Windows\RtHDVCpl.exe]
        "HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
        "SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [07-04-2007 03:56]
        "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [14-02-2008 12:01]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16]
        "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [08-05-2007 17:24]
        "NvSvc"="C:\Windows\system32\nvsvc.dll" [12-12-2007 01:06]
        "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [12-12-2007 01:06]
        "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [12-12-2007 01:06]
        "CaretakerNotifier"="C:\Program Files\SurfRight\Caretaker\Notifier.exe" [25-04-2008 10:57]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02-11-2006 14:35]
        "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [29-04-2008 08:41]
        "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18-10-2007 11:34]
        "Skype"="C:\Program Files\Skype\\Phone\Skype.exe" [12-02-2008 20:10]

        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
        Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [29-4-2008 8:41:39]
        Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13-2-2001 11:01:04]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "ConsentPromptBehaviorAdmin"=2 (0x2)

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
        @="Service"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
        @="Service"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
        @="Service"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
        @="Service"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
        @="Service"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
        @="Service"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
        @="Service"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
        @="Service"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
        @="Service"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
        @="Service"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
        @="Driver"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
        @="Driver"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
        @="Volume shadow copy"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
        @="IEEE 1394 Bus host controllers"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
        @="SBP2 IEEE 1394 Devices"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
        @="SecurityDevices"

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

        *Newly Created Service* - COMHOST

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
        C:\Windows\system32\unregmp2.exe /ShowWMP

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
        %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



        -- End of Deckard's System Scanner: finished at 2008-05-07 20:32:17 ------------

        Comment


        • #5
          Is het probleem voorbij?

          Comment


          • #6
            yep, probleem is voorbij. Dank je wel.

            Fred

            Comment


            • #7
              Graag gedaan hoor

              Doe dit nog:

              Je Java software is verouderd.
              Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
              Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
              • Download Java Runtime Environment (JRE) 6u6 en bewaar het naar je Bureaublad.
              • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
              • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
              • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
              • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
              • Herhaal dit tot alle oudere versies verdwenen zijn.
              • Na het verwijderen van alle oudere versies, herstart je pc.
              • Dubbelklik vervolgens op jre-6u6-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.


              Download ATF cleaner (mirror)(gemaakt door Atribune)

              Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

              Dubbelklik op ATF cleaner om het programma te starten.
              Op het tabblad "Main", plaats je een vinkje bij Select All.
              Klik op de knop Empty Selected.

              Het volgende doen als je ook FireFox als browser hebt:
              Klik op tabblad "Firefox", plaats een vinkje bij Select All.
              Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
              (dit haalt het vinkje weer weg bij "Firefox saved passwords")
              Klik op de knop Empty Selected.

              Het volgende doen als je ook Opera als browser hebt:
              Klik op tabblad "Opera", plaats een vinkje bij Select All.
              Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
              Klik op de knop Empty Selected.
              Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

              Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
              Kijk hier hoe je je systeemherstel moet uitschakelen.
              Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

              Groeten smeenk

              Comment

              Sorry, you are not authorized to view this page
              Working...
              X