Vraag & Antwoord

Beveiliging & privacy

startpagina gehijacked

Anoniem
pcguy
12 antwoorden
 • hallo
  mijn startpagina is gehijacked. heb al laten scannen met antivirusprogramma, adaware, cwsshredder maar geraak er niet van af. zie hieronder mijn hijackthis-log. kan iemand me helpen? alvast bedankt.
  grtz, Bert

  Logfile of HijackThis v1.98.2
  Scan saved at 18:36:25, on 6/12/2004
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS.0\System32\smss.exe
  C:\WINDOWS.0\system32\winlogon.exe
  C:\WINDOWS.0\system32\services.exe
  C:\WINDOWS.0\system32\lsass.exe
  C:\WINDOWS.0\system32\svchost.exe
  C:\WINDOWS.0\System32\svchost.exe
  C:\WINDOWS.0\system32\LEXBCES.EXE
  C:\WINDOWS.0\system32\spoolsv.exe
  C:\WINDOWS.0\system32\LEXPPS.EXE
  C:\Program Files\Microsoft Works\WksSb.exe
  C:\WINDOWS.0\System32\igfxtray.exe
  C:\WINDOWS.0\System32\hkcmd.exe
  C:\Program Files\Ahead\InCD\InCD.exe
  C:\WINDOWS.0\system32\DSLAGENT.EXE
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
  C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\WINDOWS.0\system32\rundll32.exe
  C:\WINDOWS.0\system32\m2gr32.exe
  C:\WINDOWS.0\system32\ctfmon.exe
  C:\WINDOWS.0\System32\cgpn.exe
  C:\Program Files\Spyware Doctor\swdoctor.exe
  C:\Program Files\Digital Image\Monitor.exe
  C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
  C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
  C:\WINDOWS.0\System32\cisvc.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
  C:\WINDOWS.0\System32\tcpsvcs.exe
  C:\WINDOWS.0\system32\slserv.exe
  C:\WINDOWS.0\System32\snmp.exe
  C:\WINDOWS.0\System32\svchost.exe
  C:\WINDOWS.0\System32\svchost.exe
  C:\WINDOWS.0\system32\cidaemon.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  C:\Program Files\Grisoft\AVG Free\avgcc.exe
  C:\Program Files\Grisoft\AVG Free\avgemc.exe
  C:\WINDOWS.0\system32\wscntfy.exe
  C:\WINDOWS.0\explorer.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  C:\WINDOWS.0\system32\wuauclt.exe
  C:\Program Files\HIJACKTHIS\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/EnterOne/Portal/portal.html
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/EnterOne/Portal/portal.html
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\about.htm
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
  O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
  O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
  O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS.0\System32\igfxtray.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS.0\System32\hkcmd.exe
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.0\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
  O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE USB
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
  O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
  O4 - HKLM\..\Run: [TaskMon] C:\WINDOWS.0\System32\taskmon.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
  O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
  O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
  O4 - HKLM\..\Run: [NvCplD] C:\WINDOWS.0\system32\m2gr32.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
  O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS.0\System32\cgpn.exe
  O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
  O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Digital Image Monitor.lnk = ?
  O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
  O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS.0\System32\msjava.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS.0\System32\msjava.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Hijacked Internet access by New.Net
  O10 - Hijacked Internet access by New.Net
  O10 - Hijacked Internet access by New.Net
  O10 - Hijacked Internet access by New.Net
  O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
  O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab
  O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
  O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
  O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
  O16 - DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} (printQuick Browser Add In (Ver4)) - http://www.pqpc.com/plugin/axversion/1410/printQuick1410.cab
  O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/227d21a93af932946721/netzip/RdxIE601.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2003080601/housecall.antivirus.com/housecall/xscan53.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
  O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
  O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
  O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
 • Ga naar start –> configuratiescherm –> software en deinstalleer switch en new.net (new dot net kan ook)

  Draai daarna: http://faq.tweakers.net/wos/WinsockXPFix.exe

  herstart daarna de pc en plaats een nieuwe hijackthislog.
 • ziehier de nieuwe log na het verwijderen van switch en new.net en het laten lopen van die tweak

  alvast bedankt voor de hulp!

  Logfile of HijackThis v1.98.2
  Scan saved at 21:41:17, on 6/12/2004
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS.0\System32\smss.exe
  C:\WINDOWS.0\system32\winlogon.exe
  C:\WINDOWS.0\system32\services.exe
  C:\WINDOWS.0\system32\lsass.exe
  C:\WINDOWS.0\system32\svchost.exe
  C:\WINDOWS.0\System32\svchost.exe
  C:\WINDOWS.0\system32\LEXBCES.EXE
  C:\WINDOWS.0\system32\spoolsv.exe
  C:\WINDOWS.0\system32\LEXPPS.EXE
  C:\WINDOWS.0\Explorer.EXE
  C:\Program Files\Microsoft Works\WksSb.exe
  C:\WINDOWS.0\System32\igfxtray.exe
  C:\WINDOWS.0\System32\hkcmd.exe
  C:\Program Files\Ahead\InCD\InCD.exe
  C:\WINDOWS.0\system32\DSLAGENT.EXE
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
  C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
  C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  C:\WINDOWS.0\system32\ctfmon.exe
  C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
  C:\Program Files\Alwil Software\Avast4\ashServ.exe
  C:\Program Files\Digital Image\Monitor.exe
  C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  C:\WINDOWS.0\System32\cisvc.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\WINDOWS.0\System32\tcpsvcs.exe
  C:\WINDOWS.0\system32\slserv.exe
  C:\WINDOWS.0\System32\snmp.exe
  C:\WINDOWS.0\System32\svchost.exe
  C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  C:\WINDOWS.0\system32\wuauclt.exe
  C:\WINDOWS.0\System32\svchost.exe
  C:\WINDOWS.0\system32\wuauclt.exe
  C:\Program Files\Outlook Express\msimn.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\HIJACKTHIS\HijackThis.exe

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blank
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
  O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
  O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS.0\System32\igfxtray.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS.0\System32\hkcmd.exe
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.0\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
  O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE USB
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
  O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
  O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
  O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
  O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS.0\System32\cgpn.exe
  O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Digital Image Monitor.lnk = ?
  O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
  O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS.0\System32\msjava.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS.0\System32\msjava.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
  O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab
  O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
  O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
  O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
  O16 - DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} (printQuick Browser Add In (Ver4)) - http://www.pqpc.com/plugin/axversion/1410/printQuick1410.cab
  O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/227d21a93af932946721/netzip/RdxIE601.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2003080601/housecall.antivirus.com/housecall/xscan53.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
  O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
  O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
  O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
 • Dual boot?

  Sluit alle vensters en fix deze items:
  [list:65c635bd56][b:65c635bd56]R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
  O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
  O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/227d21a93af932946721/netzip/RdxIE601.cab[/b:65c635bd56][/list:u:65c635bd56]


  Herstart en plaats een nieuwe log,
 • euh………….
  wat bedoel je juist met "dual boot"?
  (er zijn alleszins twee pc's aangesloten op dezelfde modem, de andere pc is de server)
  grtz
 • snel ff gegoogeld naar "dual boot": nope, deze pc draait enkel op windows XP. de serverpc draait wel op xp pro, deze pc draait op xp-home. misschien vandaar?
 • Ik lees nu net je post, dual boot bedoel ik mee 2 besturingssystemen op 1 pc, namelijk je windows map heet nu anders dan standaard (windows.0) of heb je ooit wel dual boot gehad?


  Ga eens naar start –> uitvoeren en tik in: %systemroot% en geef enter, kijk daarna in de adresbalk in welke map je beland.
 • hello
  als ik dat intyp kom ik inderdaad uit op windows.0
  naar alle waarschijnlijkheid (is pc van mijn schoonbroer) heeft hier nooit een andere windowsversie opgestaan, maar zoals ik eerder al zei is deze pc gelinkt met een andere pc die als server dienst doet: deze draait met een andere windowsversie ….
  vraag: mag ik die twee hijackthis-entries die je in een voorgaande post opgaf nu al fixen , of wil je eerst meer info over die dualboot-situatie?

  mvg, bert
 • Zijn 3 entries en die mag je er gewoon uitgooien,

  Dat over dual boot wilde ik weten omdat ik wat items uit die map zag en ik wilde checken of er niet een illegale nep windhoos map stond.
 • Logfile of HijackThis v1.98.2
  Scan saved at 17:19:20, on 7/12/2004
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS.0\System32\smss.exe
  C:\WINDOWS.0\system32\winlogon.exe
  C:\WINDOWS.0\system32\services.exe
  C:\WINDOWS.0\system32\lsass.exe
  C:\WINDOWS.0\system32\svchost.exe
  C:\WINDOWS.0\System32\svchost.exe
  C:\WINDOWS.0\system32\LEXBCES.EXE
  C:\WINDOWS.0\system32\spoolsv.exe
  C:\WINDOWS.0\system32\LEXPPS.EXE
  C:\WINDOWS.0\Explorer.EXE
  C:\Program Files\Microsoft Works\WksSb.exe
  C:\WINDOWS.0\System32\igfxtray.exe
  C:\WINDOWS.0\System32\hkcmd.exe
  C:\Program Files\Ahead\InCD\InCD.exe
  C:\WINDOWS.0\system32\DSLAGENT.EXE
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
  C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
  C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  C:\WINDOWS.0\system32\ctfmon.exe
  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  C:\Program Files\Alwil Software\Avast4\ashServ.exe
  C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  C:\Program Files\Digital Image\Monitor.exe
  C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  C:\WINDOWS.0\System32\cisvc.exe
  C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\WINDOWS.0\System32\tcpsvcs.exe
  C:\WINDOWS.0\system32\slserv.exe
  C:\WINDOWS.0\System32\snmp.exe
  C:\WINDOWS.0\System32\svchost.exe
  C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  C:\WINDOWS.0\System32\svchost.exe
  C:\WINDOWS.0\system32\wuauclt.exe
  C:\WINDOWS.0\system32\wuauclt.exe
  C:\Program Files\HIJACKTHIS\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blank
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
  O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
  O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS.0\System32\igfxtray.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS.0\System32\hkcmd.exe
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.0\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
  O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE USB
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
  O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
  O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
  O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
  O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Digital Image Monitor.lnk = ?
  O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
  O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS.0\System32\msjava.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS.0\System32\msjava.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
  O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab
  O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
  O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
  O16 - DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} (printQuick Browser Add In (Ver4)) - http://www.pqpc.com/plugin/axversion/1410/printQuick1410.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2003080601/housecall.antivirus.com/housecall/xscan53.cab
  O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
  O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
  O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
  O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab

  bedankt bij voorbaat en vriendelijke groeten, bert
 • Lijkt me clean, alle problemen opgelost?
 • hello

  idd, het probleem is opgelost. van harte bedankt !!!
  als je keer op de streek bent, laat het weten; je mag nen goeien drinken op mijn kosten
  grtz, bert

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.