Vraag & Antwoord

Beveiliging & privacy

Wie o Wie wil mijn Logje nakijken?

Anoniem
None
9 antwoorden
 • Hoi,

  Is er iemand die naar mijn logfile wil kijken?
  De pc is zeer traag en ik heb tevens van tiscali een waarschuwing gekregen dat ik een onvelige proxy heb.

  In het opstart menu van WinXP (pro-versie) krijg ik een foutmelding van een of ander bewerking die niet opgestart kan worden.
  Tevens als WinXp is gestart krijg ik 2 pop-ups dat ieexplorer een foutieve….blablabla excuses voor het ongemak.

  Wie o wie helpt mij met dit logfiletje om mijn pc op te schonen

  gr Laurens


  Logfile of HijackThis v1.99.1
  Scan saved at 0:27:43, on 26-4-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\System32\cisvc.exe
  C:\Program Files\Ahead\InCD\InCDsrv.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\cidaemon.exe
  C:\WINDOWS\system32\cidaemon.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\ULi5287\ULi5287.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\WINDOWS\RTHDCPL.EXE
  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
  C:\Program Files\Ahead\InCD\InCD.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
  C:\Program Files\Lexmark 4300 Series\lxcemon.exe
  C:\Program Files\Lexmark 4300 Series\ezprint.exe
  C:\WINDOWS\system32\lxcecoms.exe
  C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
  C:\Program Files\Microsoft ActiveSync\wcescomm.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
  C:\PROGRA~1\MI3AA1~1\rapimgr.exe
  C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
  C:\Program Files\WinRAR\WinRAR.exe
  C:\DOCUME~1\Laurens\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe
  C:\DOCUME~1\Laurens\LOCALS~1\Temp\Rar$EX00.485\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - blank (file missing)
  O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - blank (file missing)
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O2 - BHO: ContextualAds Class - {FE6C16C4-16AD-47B6-B250-26AD1829E49A} - blank (file missing)
  O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
  O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
  O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [NSLU2 Flash Map Utility] C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
  O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
  O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
  O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
  O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - blank
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://84.41.135.154/WinWebPush.cab
  O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
  O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 • Installeer hijackthis.exe bijv. in C:\Program Files\[b:e38e3f7ad8]Hijackthis[/b:e38e3f7ad8]
  Dit in verband met de backups die dit programma maakt.

  Start Hijackthis op en kies voor 'Do a system scan only'
  Selecteer alleen de items die hieronder zijn genoemd:
  [b:e38e3f7ad8]
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - blank (file missing)
  O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - blank (file missing)
  O2 - BHO: ContextualAds Class - {FE6C16C4-16AD-47B6-B250-26AD1829E49A} - blank (file missing)
  [/b:e38e3f7ad8]
  Sluit alle vensters behalve Hijackthis
  Klik op 'Fix checked' om de items te verwijderen.


  start opnieuw op en plaats een nieuw HJT logje en vertel gelijk wat je verdere problemen zijn.
 • Hoi

  Bedankt voor de reactie.
  Ik heb de actie uitgevoerd. Als Windows opgestart is dan krijg ik nog steeds de foutmelding dat er een fout is opgetreden in iexplore.exe.

  Hier bij nog een log-file

  gr. Laurens

  Logfile of HijackThis v1.99.1
  Scan saved at 19:14:57, on 26-4-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\System32\cisvc.exe
  C:\Program Files\Ahead\InCD\InCDsrv.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\ULi5287\ULi5287.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\WINDOWS\RTHDCPL.EXE
  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
  C:\Program Files\Ahead\InCD\InCD.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
  C:\Program Files\Lexmark 4300 Series\lxcemon.exe
  C:\Program Files\Lexmark 4300 Series\ezprint.exe
  C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
  C:\WINDOWS\system32\lxcecoms.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\WINDOWS\system32\sdfdil.exe
  C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
  C:\Program Files\Microsoft ActiveSync\wcescomm.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  C:\PROGRA~1\MI3AA1~1\rapimgr.exe
  C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\Program Files\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
  O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
  O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [NSLU2 Flash Map Utility] C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
  O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
  O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
  O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
  O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
  O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - blank
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://84.41.135.154/WinWebPush.cab
  O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
  O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 • TeaTimer is actief
  Deze moet tijdelijk worden gestopt om de wijzigingen van hijackthis aan het register door te kunnen voeren.'

  Kijk hier hoe je deze moet uitzetten: Disable TeaTimer

  Start Hijackthis op en kies voor 'Do a system scan only'
  Selecteer alleen de items die hieronder zijn genoemd:
  [b:eec1df217b]
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
  [/b:eec1df217b]
  Klik op 'Fix checked' om de items te verwijderen.


  Download [b:eec1df217b]Dr.Web CureIt[/b:eec1df217b] naar je bureaublad:
  ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  Dubbelklik [b:eec1df217b]drweb-cureit.exe[/b:eec1df217b] en sta het toe om de express scan te starten.
  Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt, klik de Yes to all knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
  Eenmaal de korte scan is beeïndigd, Klik [b:eec1df217b]Options[/b:eec1df217b] > Change Settings
  Kies de "Scan"-tab en verwijder het vinkje bij "Heuristic analyse"
  Terug in het hoofdvenster kan je de drives selecteren die je wilt laten scannen.
  Selecteer hier alle drives. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
  Klik daarna de [b:eec1df217b]groene pijl[/b:eec1df217b] rechts om de scan te starten.
  Klik 'Yes to all' wanneer er gevraagd wordt om cure of move uit te voeren.
  Wanneer de scan gedaan is, kijk of je volgende icoontje kan aanklikken dat staat naast hetgeen gevonden werd: [img:eec1df217b]http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif[/img:eec1df217b]
  Indien wel, klik erop en daarna klik op het icoontje er net onder en kies: [b:eec1df217b]Move incurable[/b:eec1df217b] zoals je zal zien in volgende afbeelding:
  [img:eec1df217b]http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif[/img:eec1df217b]
  Dit zal de bestanden verplaatsen naar volgende map %userprofile%\DoctorWeb\quarantaine-folder indien het niet gedesinfecteerd kan worden. (dit in het geval dat we samples nodig hebben)
  Na bovenstaande te selecteren, in het menu bovenaan van Dr.Web CureIt, klik [b:eec1df217b]file[/b:eec1df217b] en kies [b:eec1df217b]save report list[/b:eec1df217b]. Bewaar de log op je bureaublad.
  Sluit daarna Dr.Web Cureit.

  [b:eec1df217b]Herstart[/b:eec1df217b] je computer!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.
  Na het herstarten, Kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post.


  aub een nieuw HJT logje
 • Hoi

  Ik heb eea uitgevoerd. Bij opnieuw opstarten heb ik geen foutmelding meer gekregen.
  Hierbij de logs.

  Gr Laurens

  main.sys c:\windows\system32 BackDoor.Bulknet Deleted.
  dfxxu.exe C:\ Trojan.DownLoader.19256 Deleted.
  fbikn.exe C:\ Win32.HLLM.Bid Deleted.
  vfvvboug.exe C:\ Trojan.Proxy.1725 Deleted.
  RegUBP2b-Laurens.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots Trojan.StartPage.1505 Deleted.
  iesplugin.dll_tobedeleted C:\Program Files\Video ActiveX Object Trojan.Popuper Deleted.
  isaddon.dll_tobedeleted C:\Program Files\Video ActiveX Object Trojan.Popuper Deleted.
  A0018353.dll:fork2 C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP132 Trojan.MulDrop.5876 Deleted.
  A0019353.dll:fork2 C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP132 Trojan.MulDrop.5876 Deleted.
  A0022353.dll:fork2 C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP135 Trojan.MulDrop.5876 Deleted.
  A0023353.dll:fork2 C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP135 Trojan.MulDrop.5876 Deleted.
  A0024353.dll:fork2 C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP135 Trojan.MulDrop.5876 Deleted.
  A0026359.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP139 Trojan.Click.1290 Deleted.
  A0029357.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP141 Trojan.MulDrop.5876 Deleted.
  A0030357.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP141 Trojan.MulDrop.5876 Deleted.
  A0006526.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP70 Adware.TrustIn Incurable.Moved.
  A0006527.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP70 Trojan.MulDrop.4317 Deleted.
  A0006543.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP71 Adware.TrustIn Incurable.Moved.
  A0006544.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP71 Trojan.MulDrop.4317 Deleted.
  A0006636.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP73 Adware.TrustIn Incurable.Moved.
  A0006637.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP73 Trojan.MulDrop.4317 Deleted.
  A0006729.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP76 Adware.TrustIn Incurable.Moved.
  A0006730.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP76 Trojan.MulDrop.4317 Deleted.
  A0006731.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP76 Adware.AzeSearch Incurable.Moved.
  A0006732.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP76 Trojan.Click.1716 Deleted.
  A0006770.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP77 Trojan.Click.1716 Deleted.
  A0006810.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP78 Adware.TrustIn Incurable.Moved.
  A0006811.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP78 Trojan.MulDrop.4317 Deleted.
  A0006812.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP78 Adware.AzeSearch Incurable.Moved.
  A0006813.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP78 Trojan.Click.1716 Deleted.
  A0006946.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP80 Adware.AzeSearch Incurable.Moved.
  A0006947.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP80 Trojan.MulDrop.4317 Deleted.
  A0006948.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP80 Adware.TrustIn Incurable.Moved.
  A0006961.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP80 Trojan.Click.1716 Deleted.
  A0006990.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP82 Adware.AzeSearch Incurable.Moved.
  A0006991.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP82 Trojan.MulDrop.4317 Deleted.
  A0006992.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP82 Trojan.Click.1716 Deleted.
  A0006993.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP82 Adware.TrustIn Incurable.Moved.
  A0007038.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP82 Trojan.Click.1716 Deleted.
  A0007055.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP83 Adware.TrustIn Incurable.Moved.
  A0007056.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP83 Trojan.MulDrop.4317 Deleted.
  A0007057.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP83 Adware.AzeSearch Incurable.Moved.
  A0007088.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP83 Trojan.Click.1716 Deleted.
  A0007120.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP84 Trojan.Click.1716 Deleted.
  A0007159.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP85 Adware.AzeSearch Incurable.Moved.
  A0007160.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP85 Trojan.MulDrop.4317 Deleted.
  A0007161.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP85 Trojan.Click.1716 Deleted.
  A0007162.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP85 Adware.TrustIn Incurable.Moved.
  A0007180.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP86 Adware.TrustIn Incurable.Moved.
  A0007181.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP86 Trojan.MulDrop.4317 Deleted.
  A0007182.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP86 Adware.AzeSearch Incurable.Moved.
  A0007190.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP86 Trojan.Click.1716 Deleted.
  A0007211.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP87 Adware.TrustIn Incurable.Moved.
  A0007212.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP87 Trojan.MulDrop.4317 Deleted.
  A0007213.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP87 Adware.AzeSearch Incurable.Moved.
  A0007214.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP87 Trojan.Click.1716 Deleted.
  A0007231.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP87 Adware.TrustIn Incurable.Moved.
  A0007232.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP87 Trojan.MulDrop.4317 Deleted.
  A0007233.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP87 Adware.AzeSearch Incurable.Moved.
  A0007278.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP88 Trojan.Click.1716 Deleted.
  A0007300.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP89 Trojan.Click.1716 Deleted.
  A0007319.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP89 Adware.AzeSearch Incurable.Moved.
  A0007320.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP89 Trojan.MulDrop.4317 Deleted.
  A0007321.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP89 Trojan.Click.1716 Deleted.
  A0007322.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP89 Adware.TrustIn Incurable.Moved.
  A0007323.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP89 Trojan.Click.1290 Deleted.
  A0007354.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP90 Adware.TrustIn Incurable.Moved.
  A0007355.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP90 Trojan.MulDrop.4317 Deleted.
  A0007356.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP90 Adware.AzeSearch Incurable.Moved.
  A0007357.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP90 Trojan.Click.1716 Deleted.
  A0007454.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP93 Adware.TrustIn Incurable.Moved.
  A0007455.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP93 Trojan.MulDrop.4317 Deleted.
  A0007456.exe C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP93 Adware.AzeSearch Incurable.Moved.
  A0007628.dll C:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP94 Adware.TrustIn Incurable.Moved.
  acluiv.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  adsldpcs.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  adsmsexts.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  adsmsextsb.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  adsndsv.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  adsnts.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  adsnwv.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  advapi32b.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  amstreamb.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  ati2cqaga.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  ati2dvaaa.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  ati2dvags.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  ati3duagb.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  ati3duagba.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  ativvaxxs.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  atmpvcnov.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  autodiscs.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  avicaps.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  avifil32s.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  bidisplb.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  bidispls.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  browservb.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  btgpio32v.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  cabineta.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  cabinetv.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  capicoma.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  capicoms.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  catsrvv.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  certcliv.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  cewmdms.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  cicb.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  clbcatexv.dll C:\WINDOWS\system32 Trojan.Click.1290 Deleted.
  max1d1641.exe C:\WINDOWS\system32 Dialer.Maxd Deleted.
  sdfdil.exe C:\WINDOWS\system32 Dialer.Maxd Deleted.
  ws2_32(2).dll:fork2 C:\WINDOWS\system32 Trojan.MulDrop.5876 Deleted.
  ws2_32(3).dll:fork2 C:\WINDOWS\system32 Trojan.MulDrop.5876 Deleted.
  ws2_32.dll:fork2 C:\WINDOWS\system32 Trojan.MulDrop.5876 Deleted.
  wsys.dll C:\WINDOWS\system32 Trojan.MulDrop.5876 Will be cured after reboot.
  11272593.exe C:\WINDOWS\Temp Trojan.DownLoader.19256 Deleted.
  59515.exe C:\WINDOWS\Temp Trojan.DownLoader.19256 Deleted.
  60906.exe C:\WINDOWS\Temp Trojan.DownLoader.19256 Deleted.
  62531.exe C:\WINDOWS\Temp Trojan.DownLoader.19256 Deleted.
  77765.exe C:\WINDOWS\Temp Trojan.DownLoader.19256 Deleted.
  79250.exe C:\WINDOWS\Temp Trojan.DownLoader.19256 Deleted.
  Logfile of HijackThis v1.99.1
  Scan saved at 10:38:27, on 27-4-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\System32\cisvc.exe
  C:\Program Files\Ahead\InCD\InCDsrv.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\cidaemon.exe
  C:\WINDOWS\system32\cidaemon.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\ULi5287\ULi5287.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\WINDOWS\RTHDCPL.EXE
  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
  C:\Program Files\Ahead\InCD\InCD.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
  C:\Program Files\Lexmark 4300 Series\lxcemon.exe
  C:\Program Files\Lexmark 4300 Series\ezprint.exe
  C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
  C:\Program Files\Microsoft ActiveSync\wcescomm.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
  C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  C:\PROGRA~1\MI3AA1~1\rapimgr.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\lxcecoms.exe
  C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
  C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
  C:\Program Files\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
  O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
  O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [NSLU2 Flash Map Utility] C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
  O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
  O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
  O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
  O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
  O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - blank
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://84.41.135.154/WinWebPush.cab
  O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
  O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 • Ok, zet je systeemherstel even uit start opnieuw op en zet het dan weer aan aub.

  Download SDFix en klik op "uitvoeren".
  Versie 1.40 en hoger zal de uitgepakte SDFix map automatisch naar je systeemdrive verplaatsen (waarschijnlijk: C:\SDFix).

  Herstart de pc in de veilige modus.
  Safe mode for Windows XP
  Herstart de computer
  Zodra uw computer klaar is met het laden van de BIOS (zwarte scherm en witte letters, of een ander beginscherm)en vlak voordat Windows wordt geladen
  Tap op de F8-toets (of de F5)-toets totdat u in het Windows option-menu terechtkomt
  Kies hier voor opstarten in veilige modus (Safe mode) door het gebruik van de pijltjestoetsen en daarna Enter

  Dubbelklik de map SDFix en dubbelklik op RunThis.bat om het script te starten.
  Typ Y en klik enter om het schoonmaakproces te starten.
  Er zullen Trojan Services en/of Registry Entries worden verwijderd als ze worden gevonden en je zult een toets voor herstart moeten indrukken.
  De computer zal dan herstarten; dit duurt langer dan gewoonlijk.
  De Fixtool zal opnieuw gaan werken en het verwijderingproces vervolgen, dan wordt Finished, getoond, wacht geduldig af totdat je weer een toets moeten indrukken om het script te beëindigen en je bureaubladiconen weer te laden.
  Zodra je bureaublad weer normaal is zal het SDFix report openen en ook te vinden zijn in de SDFix folder als Report.txt.
  Copy/paste de inhoud van dit report Report.txt in je volgende antwoord hier samen met een nieuw HijackThis log

  vertel even hoe nu de klachten zijn aub.
 • Tot nu toe geen bijzonderheden (wat me al tijden opvalt is dat het opstartscherm van het "moederbord (?)" lang duurt (MSI corecell chip you've ever needed))

  Hier de logs:

  SDFix: Version 1.79

  Run by Laurens - Fri 27-04-2007 - 16:53:50,60

  Microsoft Windows XP [versie 5.1.2600]

  Running From: C:\SDFix

  Safe Mode:
  Checking Services:

  Name:
  EXAMPLE
  kprof
  NDnet1
  poof
  Runtime

  ImagePath:
  \??\C:\WINDOWS\system32\main.sys
  \??\C:\WINDOWS\system32\kprof
  \??\C:\WINDOWS\system32\ksys.sys
  \??\C:\WINDOWS\system32\poof
  \??\C:\WINDOWS\System32\drivers\runtime.sys

  EXAMPLE - Deleted
  kprof - Deleted
  NDnet1 - Deleted
  poof - Deleted  Restoring Windows Registry Values
  Restoring Windows Default Hosts File


  Rebooting…

  Normal Mode:
  Checking Files:

  Below files will be copied to Backups folder then removed:

  C:\-52824~1 - Deleted
  C:\WINDOWS\system32\0_exception.nls - Deleted
  C:\WINDOWS\system32\koos.exe - Deleted
  C:\WINDOWS\system32\kprof - Deleted
  C:\WINDOWS\system32\ksys.sys - Deleted
  C:\WINDOWS\system32\lzx32.sys - Deleted
  C:\WINDOWS\system32\poof - Deleted  Removing Temp Files

  ADS Check:

  Checking if ADS is attached to system32 Folder
  C:\WINDOWS\system32
  :lzx32.sys 78070
  Total size: 78070 bytes.

  system32: deleted 78070 bytes in 1 streams.

  Checking for remaining Streams

  C:\WINDOWS\system32
  No streams found.

  Checking if ADS is attached to svchost.exe
  C:\WINDOWS\system32\svchost.exe
  No streams found.  Final Check:

  Remaining Services:
  ——————  Authorized Application Key Export:

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
  "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
  "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
  "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
  "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
  "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
  "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
  "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
  "C:\\Documents and Settings\\Jeannet\\Local Settings\\Temporary Internet Files\\Content.IE5\\ILS16J2V\\incredimail_install[1].exe"="C:\\Documents and Settings\\Jeannet\\Local Settings\\Temporary Internet Files\\Content.IE5\\ILS16J2V\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
  "C:\\Documents and Settings\\Jeannet\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe"="C:\\Documents and Settings\\Jeannet\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
  "C:\\Program Files\\NSLU2 Flash Map Utility\\StorageLink.exe"="C:\\Program Files\\NSLU2 Flash Map Utility\\StorageLink.exe:*:Enabled:Storage Link"
  "C:\\Documents and Settings\\Laurens\\Local Settings\\Temp\\RarSFX1\\FW_Upgrade.exe"="C:\\Documents and Settings\\Laurens\\Local Settings\\Temp\\RarSFX1\\FW_Upgrade.exe:*:Enabled:FW_Upgrade"
  "C:\\Documents and Settings\\Laurens\\Local Settings\\Temp\\RarSFX2\\FW_Upgrade.exe"="C:\\Documents and Settings\\Laurens\\Local Settings\\Temp\\RarSFX2\\FW_Upgrade.exe:*:Enabled:FW_Upgrade"
  "C:\\Program Files\\UltraVNC\\vncviewer.exe"="C:\\Program Files\\UltraVNC\\vncviewer.exe:*:Enabled:VNCViewer"
  "C:\\Program Files\\Titan\\Bin\\titan.exe"="C:\\Program Files\\Titan\\Bin\\titan.exe:*:Enabled:main application"
  "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)"
  "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
  "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
  "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
  "C:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient"="C:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient:*:Enabled:Logitech Harmony Remote Software"
  "C:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe"="C:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper"
  "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
  "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
  "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
  "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
  "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
  "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
  "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
  "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
  "C:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient"="C:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient:*:Enabled:Logitech Harmony Remote Software"
  "C:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe"="C:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper"
  "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"


  Remaining Files:
  —————

  Backups Folder: - C:\SDFix\backups\backups.zip

  Checking For Files with Hidden Attributes:

  C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
  C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL0004.tmp
  C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL0005.tmp
  C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL0243.tmp
  C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL1305.tmp
  C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL1464.tmp
  C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL2311.tmp
  C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL2331.tmp
  C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL2393.tmp
  C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL3280.tmp
  C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL3349.tmp
  C:\Documents and Settings\Jeannet\Application Data\Microsoft\Word\~WRL3655.tmp

  Finished
  Logfile of HijackThis v1.99.1
  Scan saved at 17:01:47, on 27-4-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\System32\cisvc.exe
  C:\Program Files\Ahead\InCD\InCDsrv.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\notepad.exe
  C:\Program Files\ULi5287\ULi5287.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\WINDOWS\RTHDCPL.EXE
  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
  C:\Program Files\Ahead\InCD\InCD.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
  C:\Program Files\Lexmark 4300 Series\lxcemon.exe
  C:\Program Files\Lexmark 4300 Series\ezprint.exe
  C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
  C:\Program Files\Skype\Phone\Skype.exe
  C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
  C:\WINDOWS\system32\lxcecoms.exe
  C:\Program Files\Microsoft ActiveSync\wcescomm.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
  C:\PROGRA~1\MI3AA1~1\rapimgr.exe
  C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
  O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
  O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [NSLU2 Flash Map Utility] C:\Program Files\NSLU2 Flash Map Utility\StorageLink.exe
  O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
  O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
  O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
  O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
  O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
  O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - blank
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://84.41.135.154/WinWebPush.cab
  O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
  O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 • Hai, nou die fix heeft ook het een en ander geregeld.

  Hoe is het nu met je problemen.
 • Ik moet zeggen, dat de problemen weg zijn.
  Het ziet er allemaal goed uit.

  Hartstikke bedankt voor de hulp.

  Gr. Laurens

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.