Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Wie o Wie wil mijn Logje nakijken?

Anoniem
None
9 antwoorden
  • Hoi,

    Is er iemand die naar mijn logfile wil kijken?
    De pc is zeer traag en ik heb tevens van tiscali een waarschuwing gekregen dat ik een onvelige proxy heb.

    In het opstart menu van WinXP (pro-versie) krijg ik een foutmelding van een of ander bewerking die niet opgestart kan worden.
    Tevens als WinXp is gestart krijg ik 2 pop-ups dat ieexplorer een foutieve….blablabla excuses voor het ongemak.

    Wie o wie helpt mij met dit logfiletje om mijn pc op te schonen

    gr Laurens


    Logfile of HijackThis v1.99.1
    Scan saved at 0:27:43, on 26-4-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ULi5287\ULi5287.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Laurens\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe
    C:\DOCUME~1\Laurens\LOCALS~1\Temp\Rar$EX00.485\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - blank (file missing)
    O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - blank (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: ContextualAds Class - {FE6C16C4-16AD-47B6-B250-26AD1829E49A} - blank (file missing)
    O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NSLU2 Flash Map Utility] C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - blank
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://84.41.135.154/WinWebPush.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
    vsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

  • Installeer hijackthis.exe bijv. in C:\Program Files\[b:e38e3f7ad8]Hijackthis[/b:e38e3f7ad8]
    Dit in verband met de backups die dit programma maakt.

    Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:e38e3f7ad8]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - blank (file missing)
    O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - blank (file missing)
    O2 - BHO: ContextualAds Class - {FE6C16C4-16AD-47B6-B250-26AD1829E49A} - blank (file missing)
    [/b:e38e3f7ad8]
    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.


    start opnieuw op en plaats een nieuw HJT logje en vertel gelijk wat je verdere problemen zijn.
  • Hoi

    Bedankt voor de reactie.
    Ik heb de actie uitgevoerd. Als Windows opgestart is dan krijg ik nog steeds de foutmelding dat er een fout is opgetreden in iexplore.exe.

    Hier bij nog een log-file

    gr. Laurens

    Logfile of HijackThis v1.99.1
    Scan saved at 19:14:57, on 26-4-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ULi5287\ULi5287.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\sdfdil.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NSLU2 Flash Map Utility] C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - blank
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://84.41.135.154/WinWebPush.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
    vsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

  • TeaTimer is actief
    Deze moet tijdelijk worden gestopt om de wijzigingen van hijackthis aan het register door te kunnen voeren.'

    Kijk hier hoe je deze moet uitzetten: Disable TeaTimer

    Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:eec1df217b]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    [/b:eec1df217b]
    Klik op 'Fix checked' om de items te verwijderen.


    Download [b:eec1df217b]Dr.Web CureIt[/b:eec1df217b] naar je bureaublad:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    Dubbelklik [b:eec1df217b]drweb-cureit.exe[/b:eec1df217b] en sta het toe om de express scan te starten.
    Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt, klik de Yes to all knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
    Eenmaal de korte scan is beeïndigd, Klik [b:eec1df217b]Options[/b:eec1df217b] > Change Settings
    Kies de "Scan"-tab en verwijder het vinkje bij "Heuristic analyse"
    Terug in het hoofdvenster kan je de drives selecteren die je wilt laten scannen.
    Selecteer hier alle drives. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
    Klik daarna de [b:eec1df217b]groene pijl[/b:eec1df217b] rechts om de scan te starten.
    Klik 'Yes to all' wanneer er gevraagd wordt om cure of move uit te voeren.
    Wanneer de scan gedaan is, kijk of je volgende icoontje kan aanklikken dat staat naast hetgeen gevonden werd: [img:eec1df217b]http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif[/img:eec1df217b]
    Indien wel, klik erop en daarna klik op het icoontje er net onder en kies: [b:eec1df217b]Move incurable[/b:eec1df217b] zoals je zal zien in volgende afbeelding:
    [img:eec1df217b]http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif[/img:eec1df217b]
    Dit zal de bestanden verplaatsen naar volgende map %userprofile%\DoctorWeb\quarantaine-folder indien het niet gedesinfecteerd kan worden. (dit in het geval dat we samples nodig hebben)
    Na bovenstaande te selecteren, in het menu bovenaan van Dr.Web CureIt, klik [b:eec1df217b]file[/b:eec1df217b] en kies [b:eec1df217b]save report list[/b:eec1df217b]. Bewaar de log op je bureaublad.
    Sluit daarna Dr.Web Cureit.

    [b:eec1df217b]Herstart[/b:eec1df217b] je computer!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.
    Na het herstarten, Kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post.


    aub een nieuw HJT logje
  • Hoi

    Ik heb eea uitgevoerd. Bij opnieuw opstarten heb ik geen foutmelding meer gekregen.
    Hierbij de logs.

    Gr Laurens

    main.sys c:\windows\system32 BackDoor.Bulknet Deleted.
    dfxxu.exe C:\ Trojan.DownLoader.19256 Deleted.
    fbikn.exe C:\ Win32.HLLM.Bid Deleted.
    vfvvboug.exe C:\ Trojan.Proxy.1725 Deleted.
    RegUBP2b-Laurens.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots Trojan.StartPage.1505 Deleted.
    iesplugin.dll_tobedeleted C:\Program Files\Video ActiveX Object Trojan.Popuper Deleted.
    isaddon.dll_tobedeleted C:\Program Files\Video ActiveX Object Trojan.Popuper Deleted.
    A0018353.dll:fork2 C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP132 Trojan.MulDrop.5876 Deleted.
    A0019353.dll:fork2 C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP132 Trojan.MulDrop.5876 Deleted.
    A0022353.dll:fork2 C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP135 Trojan.MulDrop.5876 Deleted.
    A0023353.dll:fork2 C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP135 Trojan.MulDrop.5876 Deleted.
    A0024353.dll:fork2 C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP135 Trojan.MulDrop.5876 Deleted.
    A0026359.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP139 Trojan.Click.1290 Deleted.
    A0029357.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP141 Trojan.MulDrop.5876 Deleted.
    A0030357.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP141 Trojan.MulDrop.5876 Deleted.
    A0006526.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP70 Adware.TrustIn Incurable.Moved.
    A0006527.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP70 Trojan.MulDrop.4317 Deleted.
    A0006543.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP71 Adware.TrustIn Incurable.Moved.
    A0006544.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP71 Trojan.MulDrop.4317 Deleted.
    A0006636.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP73 Adware.TrustIn Incurable.Moved.
    A0006637.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP73 Trojan.MulDrop.4317 Deleted.
    A0006729.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP76 Adware.TrustIn Incurable.Moved.
    A0006730.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP76 Trojan.MulDrop.4317 Deleted.
    A0006731.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP76 Adware.AzeSearch Incurable.Moved.
    A0006732.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP76 Trojan.Click.1716 Deleted.
    A0006770.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP77 Trojan.Click.1716 Deleted.
    A0006810.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP78 Adware.TrustIn Incurable.Moved.
    A0006811.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP78 Trojan.MulDrop.4317 Deleted.
    A0006812.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP78 Adware.AzeSearch Incurable.Moved.
    A0006813.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP78 Trojan.Click.1716 Deleted.
    A0006946.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP80 Adware.AzeSearch Incurable.Moved.
    A0006947.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP80 Trojan.MulDrop.4317 Deleted.
    A0006948.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP80 Adware.TrustIn Incurable.Moved.
    A0006961.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP80 Trojan.Click.1716 Deleted.
    A0006990.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP82 Adware.AzeSearch Incurable.Moved.
    A0006991.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP82 Trojan.MulDrop.4317 Deleted.
    A0006992.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP82 Trojan.Click.1716 Deleted.
    A0006993.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP82 Adware.TrustIn Incurable.Moved.
    A0007038.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP82 Trojan.Click.1716 Deleted.
    A0007055.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP83 Adware.TrustIn Incurable.Moved.
    A0007056.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP83 Trojan.MulDrop.4317 Deleted.
    A0007057.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP83 Adware.AzeSearch Incurable.Moved.
    A0007088.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP83 Trojan.Click.1716 Deleted.
    A0007120.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP84 Trojan.Click.1716 Deleted.
    A0007159.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP85 Adware.AzeSearch Incurable.Moved.
    A0007160.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP85 Trojan.MulDrop.4317 Deleted.
    A0007161.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP85 Trojan.Click.1716 Deleted.
    A0007162.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP85 Adware.TrustIn Incurable.Moved.
    A0007180.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP86 Adware.TrustIn Incurable.Moved.
    A0007181.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP86 Trojan.MulDrop.4317 Deleted.
    A0007182.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP86 Adware.AzeSearch Incurable.Moved.
    A0007190.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP86 Trojan.Click.1716 Deleted.
    A0007211.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP87 Adware.TrustIn Incurable.Moved.
    A0007212.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP87 Trojan.MulDrop.4317 Deleted.
    A0007213.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP87 Adware.AzeSearch Incurable.Moved.
    A0007214.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP87 Trojan.Click.1716 Deleted.
    A0007231.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP87 Adware.TrustIn Incurable.Moved.
    A0007232.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP87 Trojan.MulDrop.4317 Deleted.
    A0007233.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP87 Adware.AzeSearch Incurable.Moved.
    A0007278.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP88 Trojan.Click.1716 Deleted.
    A0007300.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP89 Trojan.Click.1716 Deleted.
    A0007319.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP89 Adware.AzeSearch Incurable.Moved.
    A0007320.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP89 Trojan.MulDrop.4317 Deleted.
    A0007321.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP89 Trojan.Click.1716 Deleted.
    A0007322.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP89 Adware.TrustIn Incurable.Moved.
    A0007323.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP89 Trojan.Click.1290 Deleted.
    A0007354.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP90 Adware.TrustIn Incurable.Moved.
    A0007355.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP90 Trojan.MulDrop.4317 Deleted.
    A0007356.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP90 Adware.AzeSearch Incurable.Moved.
    A0007357.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP90 Trojan.Click.1716 Deleted.
    A0007454.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP93 Adware.TrustIn Incurable.Moved.
    A0007455.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP93 Trojan.MulDrop.4317 Deleted.
    A0007456.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP93 Adware.AzeSearch Incurable.Moved.
    A0007628.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP94 Adware.TrustIn Incurable.Moved.
    acluiv.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    adsldpcs.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    adsmsexts.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    adsmsextsb.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    adsndsv.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    adsnts.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    adsnwv.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    advapi32b.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    amstreamb.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    ati2cqaga.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    ati2dvaaa.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    ati2dvags.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    ati3duagb.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    ati3duagba.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    ativvaxxs.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    atmpvcnov.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    autodiscs.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    avicaps.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    avifil32s.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    bidisplb.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    bidispls.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    browservb.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    btgpio32v.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    cabineta.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    cabinetv.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    capicoma.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    capicoms.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    catsrvv.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    certcliv.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    cewmdms.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    cicb.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    clbcatexv.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
    max1d1641.exe C:\WINDOWS\system32 Dialer.Maxd Deleted.
    sdfdil.exe C:\WINDOWS\system32 Dialer.Maxd Deleted.
    ws2_32(2).dll:fork2 C:\WINDOWS\system32 Trojan.MulDrop.5876 Deleted.
    ws2_32(3).dll:fork2 C:\WINDOWS\system32 Trojan.MulDrop.5876 Deleted.
    ws2_32.dll:fork2 C:\WINDOWS\system32 Trojan.MulDrop.5876 Deleted.
    wsys.dll C:\WINDOWS\system32 Trojan.MulDrop.5876 Will be cured after reboot.
    11272593.exe C:\WINDOWS\Temp Trojan.DownLoader.19256 Deleted.
    59515.exe C:\WINDOWS\Temp Trojan.DownLoader.19256 Deleted.
    60906.exe C:\WINDOWS\Temp Trojan.DownLoader.19256 Deleted.
    62531.exe C:\WINDOWS\Temp Trojan.DownLoader.19256 Deleted.
    77765.exe C:\WINDOWS\Temp Trojan.DownLoader.19256 Deleted.
    79250.exe C:\WINDOWS\Temp Trojan.DownLoader.19256 Deleted.




    Logfile of HijackThis v1.99.1
    Scan saved at 10:38:27, on 27-4-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ULi5287\ULi5287.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NSLU2 Flash Map Utility] C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - blank
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://84.41.135.154/WinWebPush.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
    vsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

  • Ok, zet je systeemherstel even uit start opnieuw op en zet het dan weer aan aub.

    Download SDFix en klik op "uitvoeren".
    Versie 1.40 en hoger zal de uitgepakte SDFix map automatisch naar je systeemdrive verplaatsen (waarschijnlijk: C:\SDFix).

    Herstart de pc in de veilige modus.
    Safe mode for Windows XP
    Herstart de computer
    Zodra uw computer klaar is met het laden van de BIOS (zwarte scherm en witte letters, of een ander beginscherm)en vlak voordat Windows wordt geladen
    Tap op de F8-toets (of de F5)-toets totdat u in het Windows option-menu terechtkomt
    Kies hier voor opstarten in veilige modus (Safe mode) door het gebruik van de pijltjestoetsen en daarna Enter

    Dubbelklik de map SDFix en dubbelklik op RunThis.bat om het script te starten.
    Typ Y en klik enter om het schoonmaakproces te starten.
    Er zullen Trojan Services en/of Registry Entries worden verwijderd als ze worden gevonden en je zult een toets voor herstart moeten indrukken.
    De computer zal dan herstarten; dit duurt langer dan gewoonlijk.
    De Fixtool zal opnieuw gaan werken en het verwijderingproces vervolgen, dan wordt Finished, getoond, wacht geduldig af totdat je weer een toets moeten indrukken om het script te beëindigen en je bureaubladiconen weer te laden.
    Zodra je bureaublad weer normaal is zal het SDFix report openen en ook te vinden zijn in de SDFix folder als Report.txt.
    Copy/paste de inhoud van dit report Report.txt in je volgende antwoord hier samen met een nieuw HijackThis log

    vertel even hoe nu de klachten zijn aub.
  • Tot nu toe geen bijzonderheden (wat me al tijden opvalt is dat het opstartscherm van het "moederbord (?)" lang duurt (MSI corecell chip you've ever needed))

    Hier de logs:

    SDFix: Version 1.79

    Run by Laurens - Fri 27-04-2007 - 16:53:50,60

    Microsoft Windows XP [versie 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    EXAMPLE
    kprof
    NDnet1
    poof
    Runtime

    ImagePath:
    \??\C:\WINDOWS\system32\main.sys
    \??\C:\WINDOWS\system32\kprof
    \??\C:\WINDOWS\system32\ksys.sys
    \??\C:\WINDOWS\system32\poof
    \??\C:\WINDOWS\System32\drivers\runtime.sys

    EXAMPLE - Deleted
    kprof - Deleted
    NDnet1 - Deleted
    poof - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File


    Rebooting…

    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\-52824~1 - Deleted
    C:\WINDOWS\system32\0_exception.nls - Deleted
    C:\WINDOWS\system32\koos.exe - Deleted
    C:\WINDOWS\system32\kprof - Deleted
    C:\WINDOWS\system32\ksys.sys - Deleted
    C:\WINDOWS\system32\lzx32.sys - Deleted
    C:\WINDOWS\system32\poof - Deleted



    Removing Temp Files

    ADS Check:

    Checking if ADS is attached to system32 Folder
    C:\WINDOWS\system32
    :lzx32.sys 78070
    Total size: 78070 bytes.

    system32: deleted 78070 bytes in 1 streams.

    Checking for remaining Streams

    C:\WINDOWS\system32
    No streams found.

    Checking if ADS is attached to svchost.exe
    C:\WINDOWS\system32\svchost.exe
    No streams found.



    Final Check:

    Remaining Services:
    ——————



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\\Documents and Settings\\Jeannet\\Local Settings\\Temporary Internet Files\\Content.IE5\\ILS16J2V\\incredimail_install[1].exe"="C:\\Documents and Settings\\Jeannet\\Local Settings\\Temporary Internet Files\\Content.IE5\\ILS16J2V\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
    "C:\\Documents and Settings\\Jeannet\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe"="C:\\Documents and Settings\\Jeannet\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
    "C:\\Program Files\\NSLU2 Flash Map Utility\\StorageLink.exe"="C:\\Program Files\\NSLU2 Flash Map Utility\\StorageLink.exe:*:Enabled:Storage Link"
    "C:\\Documents and Settings\\Laurens\\Local Settings\\Temp\\RarSFX1\\FW_Upgrade.exe"="C:\\Documents and Settings\\Laurens\\Local Settings\\Temp\\RarSFX1\\FW_Upgrade.exe:*:Enabled:FW_Upgrade"
    "C:\\Documents and Settings\\Laurens\\Local Settings\\Temp\\RarSFX2\\FW_Upgrade.exe"="C:\\Documents and Settings\\Laurens\\Local Settings\\Temp\\RarSFX2\\FW_Upgrade.exe:*:Enabled:FW_Upgrade"
    "C:\\Program Files\\UltraVNC\\vncviewer.exe"="C:\\Program Files\\UltraVNC\\vncviewer.exe:*:Enabled:VNCViewer"
    "C:\\Program Files\\Titan\\Bin\\titan.exe"="C:\\Program Files\\Titan\\Bin\\titan.exe:*:Enabled:main application"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient"="C:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient:*:Enabled:Logitech Harmony Remote Software"
    "C:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe"="C:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient"="C:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient:*:Enabled:Logitech Harmony Remote Software"
    "C:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe"="C:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"


    Remaining Files:
    —————

    Backups Folder: - C:\SDFix\backups\backups.zip

    Checking For Files with Hidden Attributes:

    C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
    C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL0004.tmp
    C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL0005.tmp
    C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL0243.tmp
    C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL1305.tmp
    C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL1464.tmp
    C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL2311.tmp
    C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL2331.tmp
    C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL2393.tmp
    C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL3280.tmp
    C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL3349.tmp
    C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL3655.tmp

    Finished




    Logfile of HijackThis v1.99.1
    Scan saved at 17:01:47, on 27-4-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32
    otepad.exe
    C:\Program Files\ULi5287\ULi5287.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NSLU2 Flash Map Utility] C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - blank
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://84.41.135.154/WinWebPush.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
    vsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


  • Hai, nou die fix heeft ook het een en ander geregeld.

    Hoe is het nu met je problemen.
  • Ik moet zeggen, dat de problemen weg zijn.
    Het ziet er allemaal goed uit.

    Hartstikke bedankt voor de hulp.

    Gr. Laurens

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.