Constant pop-ups 2

Anonymous
12 replies
 • Somehow my last post has disappeared from the forum. So, once again. I keep getting pop-ups from Partypoker and Drivecleaner and a whole lot of others. In addition, I regularly get alerts from my virus scanner about JS/CVE-2006-3730@expl and JS/Psyme.Ca@dl. I already received a reply to my HijackThis log, but it has disappeared. So here, once again, is my log file.

  Logfile of HijackThis v1.99.1
  Scan saved at 13:09:56, on 9-5-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16441)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRA~1\PCVEIL~1\backweb\9743894\Program\SERVIC~1.EXE
  C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  C:\WINDOWS\System32\CTsvcCDA.exe
  C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe
  C:\Program Files\PC Veilig\Anti-Virus\FSGK32.EXE
  C:\Program Files\PC Veilig\backweb\9743894\program\fsbwsys.exe
  C:\Program Files\PC Veilig\Anti-Virus\fssm32.exe
  C:\Program Files\PC Veilig\Common\FSMA32.EXE
  C:\Program Files\PC Veilig\Common\FSMB32.EXE
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\Program Files\Eset\nod32krn.exe
  C:\Program Files\PC Veilig\Common\FCH32.EXE
  C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\PC Veilig\Anti-Virus\fsqh.exe
  C:\Program Files\PC Veilig\Common\FAMEH32.EXE
  C:\Program Files\PC Veilig\Anti-Virus\fsrw.exe
  C:\Program Files\PC Veilig\FSPC\fspc.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\UAService7.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\WINDOWS\System32\Fast.exe
  C:\Program Files\PC Veilig\Anti-Virus\fsav32.exe
  C:\Program Files\Eicon\Diva\watch.exe
  C:\WINDOWS\System32\DSentry.exe
  C:\WINDOWS\system32\dla\tfswctrl.exe
  C:\Program Files\Eicon\Diva\Divamon.exe
  C:\Program Files\Eicon\Diva\DiTask.exe
  C:\WINDOWS\System32\taskswitch.exe
  C:\Program Files\Eicon\Diva\cgserver.exe
  C:\Program Files\Eicon\Diva\diinfo.exe
  C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
  C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
  C:\WINDOWS\system32\LVCOMSX.EXE
  C:\Program Files\Logitech\Video\LogiTray.exe
  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe
  C:\WINDOWS\system32\CTHELPER.EXE
  C:\Program Files\PC Veilig\Common\FSM32.EXE
  C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
  C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Logitech\MouseWare\system\em_exec.exe
  C:\Program Files\MP3 CD Extractor\CD-Extractor.exe
  C:\Program Files\Logitech\Video\FxSvr2.exe
  C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
  C:\Program Files\PC Veilig\backweb\9743894\Program\fspex.exe
  C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
  C:\Palm\HOTSYNC.EXE
  C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
  C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\PROGRA~1\PCVEIL~1\ANTI-S~1\fsaw.exe
  C:\Program Files\PC Veilig\FSGUI\fsguidll.exe
  C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\WINDOWS\explorer.exe
  C:\Program Files\Hijack This\hijackthis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
  O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
  O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Program Files\Eicon\Diva\watch.exe"
  O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
  O4 - HKLM\..\Run: [Divamon.exe] "C:\Program Files\Eicon\Diva\Divamon.exe"
  O4 - HKLM\..\Run: [DiTask.exe] "C:\Program Files\Eicon\Diva\DiTask.exe"
  O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
  O4 - HKLM\..\Run: [CGServer] "C:\Program Files\Eicon\Diva\cgserver.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
  O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
  O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
  O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe"
  O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
  O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
  O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
  O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Veilig\Common\FSM32.EXE" /splash
  O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Veilig\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
  O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\PC Veilig\FSGUI\FSSW.EXE" /reboot
  O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
  O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
  O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
  O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
  O4 - HKCU\..\Run: [MP3 CD Extractor] "C:\Program Files\MP3 CD Extractor\CD-Extractor.exe" hmw
  O4 - Startup: HotSync Manager.LNK = C:\Palm\HOTSYNC.EXE
  O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
  O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: PC Veilig.lnk = C:\Program Files\PC Veilig\backweb\9743894\Program\fspex.exe
  O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
  O8 - Extra context menu item: &Deze pop-up blokkeren - C:\Program Files\PC Veilig\Anti-Spyware\blockpopups.htm
  O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
  O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
  O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll
  O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll
  O9 - Extra 'Tools' menuitem: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
  O9 - Extra button: IE-shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Veilig\Anti-Spyware\ieshield.dll
  O9 - Extra 'Tools' menuitem: IE-shield… - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Veilig\Anti-Spyware\ieshield.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Music Manager) - http://img.od2.com/installation/pluginname/music%20manager/MusicManagerPlugin.CAB
  O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
  O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
  O23 - Service: PC Veilig (BackWeb Plug-in - 9743894) - F-Secure Corp. - C:\PROGRA~1\PCVEIL~1\backweb\9743894\Program\SERVIC~1.EXE
  O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
  O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe
  O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\PC Veilig\backweb\9743894\program\fsbwsys.exe
  O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe
  O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\PC Veilig\FSPC\fshttps\fshttps.exe
  O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Veilig\Common\FSMA32.EXE
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
  O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
  O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
 • (ManifestEngine is not needed. The program checks for Logitech updates.)

  Download LSPFix.exe from this site: http://cexx.org/lspfix.htm
  1. Start the program.
  2. Select "I know what I'm doing"
  3. Select ONLY this file: winsflt.dll
  4. Click "remove" so that the file moves to the right-hand pane.
  5. Click "Finish"
  6. Restart the PC.
  7. Delete the above-mentioned file from the C:\Windows\System32\ directory (if the file is not missing)

  The following items are optional to fix:

  O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

  A new HJT log, please.
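
Added example, not part of the original thread and not code from HijackThis or LSPFix: a small triage script that parses HijackThis entry lines, flags the O10 broken-LSP entry and "(file missing)" targets, and compares a log taken before the fix with one taken after. The function names are hypothetical, and the two sample logs are constructed excerpts of entries copied from the logs in this thread.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed excerpts: a handful of entries copied from the two logs in this
# thread (9-5-2007 and 11-5-2007), not the full logs.
LOG_BEFORE = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
"""

LOG_AFTER = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O11 - Options group: [INTERNATIONAL] International*
"""

# An entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
LSP_RE = re.compile(r"LSP provider '([^']+)' missing")


class Entry(NamedTuple):
    section: str  # e.g. "O4", "O10", "O23"
    detail: str   # everything after the first " - "


def parse_entries(log_text: str) -> List[Entry]:
    """Extract the R/F/N/O entry lines from a pasted HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def missing_lsp_providers(entries: List[Entry]) -> List[str]:
    """Names of LSP provider DLLs that O10 entries report as missing."""
    names = []
    for entry in entries:
        match = LSP_RE.search(entry.detail) if entry.section == "O10" else None
        if match:
            names.append(match.group(1))
    return names


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs that deserve a manual look."""
    findings = []
    for entry in entries:
        if entry.section == "O10":
            findings.append((entry, "Winsock LSP chain reported as broken"))
        elif entry.detail.endswith("(file missing)"):
            findings.append((entry, "target marked '(file missing)' by HijackThis"))
    return findings


def diff_logs(before: List[Entry], after: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Entries that disappeared and entries that are new between two scans."""
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


if __name__ == "__main__":
    before, after = parse_entries(LOG_BEFORE), parse_entries(LOG_AFTER)
    for entry, reason in triage(before):
        print(f"[before] {entry.section}: {reason}: {entry.detail}")
    removed, added = diff_logs(before, after)
    for entry in removed:
        print(f"[gone after fix] {entry.section} - {entry.detail}")
    for entry in added:
        print(f"[new after fix]  {entry.section} - {entry.detail}")
```

An empty "new after fix" list together with the O10 line under "gone after fix" shows that the LSP entry was removed without anything else changing among the parsed entries.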
 • I ran lspfix.htm. I removed winsflt.dll. As I write this, yet another casino pop-up appears. Below is my new HJT log:

  Logfile of HijackThis v1.99.1
  Scan saved at 8:14:38, on 11-5-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16441)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRA~1\PCVEIL~1\backweb\9743894\Program\SERVIC~1.EXE
  C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  C:\WINDOWS\System32\CTsvcCDA.exe
  C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe
  C:\Program Files\PC Veilig\Anti-Virus\FSGK32.EXE
  C:\Program Files\PC Veilig\backweb\9743894\program\fsbwsys.exe
  C:\Program Files\PC Veilig\Common\FSMA32.EXE
  C:\Program Files\PC Veilig\Anti-Virus\fssm32.exe
  C:\Program Files\PC Veilig\Common\FSMB32.EXE
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\Program Files\Eset\nod32krn.exe
  C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
  C:\Program Files\PC Veilig\Common\FCH32.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\PC Veilig\Anti-Virus\fsqh.exe
  C:\Program Files\PC Veilig\Common\FAMEH32.EXE
  C:\Program Files\PC Veilig\Anti-Virus\fsrw.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\UAService7.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\WINDOWS\System32\Fast.exe
  C:\Program Files\PC Veilig\Anti-Virus\fsav32.exe
  C:\Program Files\Eicon\Diva\watch.exe
  C:\WINDOWS\System32\DSentry.exe
  C:\WINDOWS\system32\dla\tfswctrl.exe
  C:\Program Files\Eicon\Diva\Divamon.exe
  C:\Program Files\Eicon\Diva\DiTask.exe
  C:\WINDOWS\System32\taskswitch.exe
  C:\Program Files\Eicon\Diva\cgserver.exe
  C:\Program Files\Eicon\Diva\diinfo.exe
  C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
  C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
  C:\WINDOWS\system32\LVCOMSX.EXE
  C:\Program Files\Logitech\Video\LogiTray.exe
  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe
  C:\WINDOWS\system32\CTHELPER.EXE
  C:\Program Files\PC Veilig\Common\FSM32.EXE
  C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
  C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Logitech\Video\FxSvr2.exe
  C:\Program Files\MP3 CD Extractor\CD-Extractor.exe
  C:\Program Files\Logitech\MouseWare\system\em_exec.exe
  C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
  C:\Program Files\PC Veilig\backweb\9743894\Program\fspex.exe
  C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
  C:\Palm\HOTSYNC.EXE
  C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
  C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\Program Files\Hijack This\hijackthis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
  O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
  O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Program Files\Eicon\Diva\watch.exe"
  O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
  O4 - HKLM\..\Run: [Divamon.exe] "C:\Program Files\Eicon\Diva\Divamon.exe"
  O4 - HKLM\..\Run: [DiTask.exe] "C:\Program Files\Eicon\Diva\DiTask.exe"
  O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
  O4 - HKLM\..\Run: [CGServer] "C:\Program Files\Eicon\Diva\cgserver.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
  O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
  O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
  O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe"
  O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
  O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
  O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
  O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Veilig\Common\FSM32.EXE" /splash
  O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Veilig\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
  O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\PC Veilig\FSGUI\FSSW.EXE" /reboot
  O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
  O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
  O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
  O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
  O4 - HKCU\..\Run: [MP3 CD Extractor] "C:\Program Files\MP3 CD Extractor\CD-Extractor.exe" hmw
  O4 - Startup: HotSync Manager.LNK = C:\Palm\HOTSYNC.EXE
  O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
  O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: PC Veilig.lnk = C:\Program Files\PC Veilig\backweb\9743894\Program\fspex.exe
  O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
  O8 - Extra context menu item: &Deze pop-up blokkeren - C:\Program Files\PC Veilig\Anti-Spyware\blockpopups.htm
  O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
  O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
  O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll
  O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll
  O9 - Extra 'Tools' menuitem: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
  O9 - Extra button: IE-shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Veilig\Anti-Spyware\ieshield.dll
  O9 - Extra 'Tools' menuitem: IE-shield… - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Veilig\Anti-Spyware\ieshield.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Music Manager) - http://img.od2.com/installation/pluginname/music%20manager/MusicManagerPlugin.CAB
  O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
  O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
  O23 - Service: PC Veilig (BackWeb Plug-in - 9743894) - F-Secure Corp. - C:\PROGRA~1\PCVEIL~1\backweb\9743894\Program\SERVIC~1.EXE
  O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
  O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe
  O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\PC Veilig\backweb\9743894\program\fsbwsys.exe
  O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe
  O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\PC Veilig\FSPC\fshttps\fshttps.exe
  O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Veilig\Common\FSMA32.EXE
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
  O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
  O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
 • Hmm, not really anything to find. Could you upload the following file:
    C:\Program Files\Eicon\Diva\Divamon.exe
  to:
  http://www.bleepingcomputer.com/submit-malware.php?channel=9

  How?
  1. In the first box (Link to topic where this file was requested:), copy and paste this link:
     http://www.hijackthis.nl/forum/viewtopic.php?t=8350
  2. In the second box (Browse to the file you want to submit:), copy and paste (Ctrl-V) this:
     C:\Program Files\Eicon\Diva\Divamon.exe
  3. Click the Send file button.


  Once you have done that,
  download Combofix to your Desktop.
  Double-click Combofix.exe.
  Follow the instructions and accept the disclaimer by typing "y" or "Y".
  While the fix is running, do NOT click in the window, because this will make your PC hang.

  When the fix has finished and after the restart, the log combofix.txt will open.
  Post this log in your next post together with a new HijackThis log.

  NOTE: If your virus scanner responds with a notification about a script execution, you may ignore this.
 • Here is first the ComboFix log, then the HJT log. What I also notice is that since the removal of winsflt.dll, neither the startup logo of my virus scanner nor the virus scanner's icon in the taskbar appears anymore, while the Windows Security Center does indicate that the virus scanner is active. I use PC Veilig.

  "Jozeph" - 2007-05-11 16:02:53 Service Pack 2
  ComboFix 07-05.09.V - Running from: "C:\Documents and Settings\Jozeph\Mijn documenten\drivers\"


  (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


  C:\WINDOWS\system32\Packet.dll
  C:\WINDOWS\system32\pthreadVC.dll
  C:\WINDOWS\system32\WanPacket.dll
  C:\WINDOWS\system32\wpcap.dll
  C:\WINDOWS\system32\drivers\npf.sys


  ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


  -------\LEGACY_NPF
  -------\NPF


  ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-11 ))))))))))))))))))))))))))))))))))


  2007-05-08 16:55 <DIR> d-------- C:\Program Files\Hijack This
  2007-05-05 13:45 83,536 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
  2007-05-05 13:45 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
  2007-05-05 13:45 59,984 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
  2007-05-05 13:45 52,304 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
  2007-05-05 13:45 39,248 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfileflt.sys
  2007-05-05 13:45 26,064 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
  2007-05-05 13:45 <DIR> d-------- C:\Program Files\Spyware Doctor
  2007-05-05 13:43 <DIR> d-------- C:\DOCUME~1\JEFFOV~1\APPLIC~1\Webroot
  2007-05-04 00:29 512,096 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\amon.sys
  2007-05-04 00:29 298,104 --a------ C:\WINDOWS\SYSTEM32\imon.dll
  2007-05-04 00:29 15,424 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nod32drv.sys
  2007-05-01 08:08 <DIR> dr-h----- C:\DOCUME~1\JEFFOV~1\Onlangs geopend
  2007-04-26 13:58 <DIR> d-------- C:\Program Files\Enigma Software Group
  2007-04-22 08:21 <DIR> d-------- C:\Program Files\JAlbum7.1
  2007-04-17 09:37 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
  2007-04-17 09:37 <DIR> d-------- C:\DOCUME~1\JEFFOV~1\APPLIC~1\PC Tools
  2007-04-12 14:55 28,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys


  (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


  2007-05-11 14:11:53 -------- d-----w C:\Program Files\Hitman Pro
  2007-05-11 14:09:12 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
  2007-05-11 14:09:12 288 ----a-w C:\WINDOWS\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
  2007-05-11 06:09:50 85,502 ----a-w C:\WINDOWS\system32\PERFC013.DAT
  2007-05-11 06:09:50 520,106 ----a-w C:\WINDOWS\system32\PERFH013.DAT
  2007-05-09 06:59:16 -------- d-----w C:\Program Files\Common Files\Symantec Shared
  2007-05-07 13:47:49 -------- d-----w C:\DOCUME~1\JEFFOV~1\APPLIC~1\Skype
  2007-05-05 11:48:25 -------- d-----w C:\Program Files\SpywareBlaster
  2007-05-05 09:03:19 -------- d-----w C:\Program Files\Call of Duty Game of the Year Edition
  2007-05-01 12:58:21 -------- d-----w C:\Program Files\CoffeeCup Software
  2007-05-01 12:58:20 -------- d-----w C:\Program Files\Advanced WindowsCare
  2007-04-12 10:59:31 1,080 ----a-w C:\WINDOWS\AUTOLNCH.REG
  2007-04-10 15:24:18 -------- d-----w C:\Program Files\The Adventure Company
  2007-04-09 13:27:25 84,024 ----a-w C:\DOCUME~1\JEFFOV~1\APPLIC~1\GDIPFONTCACHEV1.DAT
  2007-04-07 13:20:48 -------- d-----w C:\Program Files\MP3 CD Extractor
  2007-04-07 13:20:32 36 ----a-w C:\WINDOWS\system32\mce.dat
  2007-04-03 15:16:30 -------- d-----w C:\Program Files\iTunes
  2007-04-03 15:16:04 -------- d-----w C:\Program Files\iPod
  2007-03-29 14:05:10 -------- d--h--w C:\Program Files\InstallShield Installation Information
  2007-03-29 14:01:22 -------- d-----w C:\Program Files\Ubi Soft
  2007-03-29 13:58:07 -------- d-----w C:\Program Files\Ubisoft
  2007-03-29 13:58:07 -------- d-----w C:\DOCUME~1\JEFFOV~1\APPLIC~1\Gearbox Software
  2007-03-29 13:57:23 -------- d-----w C:\Program Files\Azureus
  2007-03-27 14:52:11 -------- d-----w C:\DOCUME~1\JEFFOV~1\APPLIC~1\Opera
  2007-03-20 13:35:55 -------- d-----w C:\DOCUME~1\JEFFOV~1\APPLIC~1\AdobeUM
  2007-03-20 11:55:07 -------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
  2007-03-17 13:45:54 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
  2007-03-15 10:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
  2007-03-15 10:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
  2007-03-08 15:39:10 579,072 ----a-w C:\WINDOWS\system32\user32.dll
  2007-03-08 15:39:10 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
  2007-03-08 15:39:10 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
  2007-03-08 15:37:59 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
  2007-03-06 13:39:42 -------- d-----w C:\Program Files\QuickTime
  2007-03-06 13:37:30 -------- d-----w C:\Program Files\Apple Software Update
  2007-02-05 20:20:07 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


  (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


  *Note* empty entries & legit default entries are not shown

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
  "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"="C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll"
  "{53707962-6F74-2D53-2644-206D7942484F}"="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"
  "{5CA3D70E-1895-11CF-8E15-001234567890}"="C:\WINDOWS\system32\dla\tfswshx.dll"
  "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
  "{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar1.dll"

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
  "HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
  "FastUser"="C:\\WINDOWS\\System32\\fast.exe"
  "Eicon TechnologyLAN_DAEMON"="\"C:\\Program Files\\Eicon\\Diva\\watch.exe\""
  "DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
  "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
  "Divamon.exe"="\"C:\\Program Files\\Eicon\\Diva\\Divamon.exe\""
  "DiTask.exe"="\"C:\\Program Files\\Eicon\\Diva\\DiTask.exe\""
  "CoolSwitch"="C:\\WINDOWS\\System32\\taskswitch.exe"
  "CGServer"="\"C:\\Program Files\\Eicon\\Diva\\cgserver.exe\""
  "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
  "PCTVRemote"="C:\\Program Files\\Pinnacle\\PCTV Stereo\\Remote\\Remoterm.exe"
  "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
  "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
  "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
  "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
  "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
  "QOELOADER"="\"C:\\Program Files\\Qurb\\QSP-3.0.311.7\\QOELoader.exe\""
  "CTXFIREG"="CTxfiReg.exe"
  "CTHelper"="CTHELPER.EXE"
  "AsioReg"="REGSVR32.EXE /S CTASIO.DLL"
  "UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
  "F-Secure Manager"="\"C:\\Program Files\\PC Veilig\\Common\\FSM32.EXE\" /splash"
  "F-Secure TNB"="\"C:\\Program Files\\PC Veilig\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
  "F-Secure Startup Wizard"="\"C:\\Program Files\\PC Veilig\\FSGUI\\FSSW.EXE\" /reboot"
  "CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
  "CTDVDDet"="C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
  "Logitech Utility"="Logi_MwX.Exe"
  "PRISMSVR.EXE"="\"C:\\Program Files\\Thomson SpeedTouch\\SpeedTouch 121g Wireless USB Monitor\\PRISMSVR.EXE\" /APPLY"
  "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
  "Adobe Version Cue CS2"="\"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\ControlPanel\\VersionCueCS2Tray.exe\""
  "Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Adobe Acrobat 7.0\\Distillr\\Acrotray.exe\""
  "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
  "Hitman Pro Expiration Helper"="\"C:\\Program Files\\Hitman Pro\\xphelper.exe\""

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
  "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
  "LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
  "NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
  "MP3 CD Extractor"="\"C:\\Program Files\\MP3 CD Extractor\\CD-Extractor.exe\" hmw"

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
  "LinkResolveIgnoreLinkInfo"=dword:00000000
  "NoResolveSearch"=dword:00000001
  "NoCDBurning"=dword:00000000

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]


  HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
  Authentication Packages msv1_0\0\0
  Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
  Notification Packages scecli\0\0

  HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
  HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^menu start^programma's^opstarten^adobe gamma loader.lnk
  C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^menu start^programma's^opstarten^eeye jscript patch checker.lnk
  C:\PROGRA~1\EEYEDI~1\JSCRIP~1\JSCRIP~2.EXE

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^menu start^programma's^opstarten^hotsync manager.lnk
  C:\Palm\HOTSYNC.EXE

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^menu start^programma's^opstarten^microsoft office.lnk
  C:\PROGRA~1\MICROS~3\Office10\OSA.EXE -b -l

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^jeff overste^menu start^programma's^opstarten^corel print house registration.lnk
  C:\PROGRA~1\Corel\PRINTH~1\Register\Remind32.exe

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^jeff overste^menu start^programma's^opstarten^palnetaware.lnk
  C:\PROGRA~1\Paltalk\PNETAW~1.EXE

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobe photo downloader
  "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\festoon
  C:\Program Files\Santa Cruz Networks\Festoon\Festoon.exe

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hp update 4300c
  C:\sj657\hpupdate.exe 4300C

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iomega active disk
  C:\Program Files\Iomega\AutoDisk\AD2KClient.exe

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck
  C:\WINDOWS\system32\NeroCheck.exe

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\news service
  "C:\Program Files\PC Veilig\FSGUI\ispnews.exe"

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\p2p networking
  C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcmservice
  "C:\Program Files\Dell\Media Experience\PCMService.exe"

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcsuitetrayapplication
  C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcsync
  C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picasa media detector
  C:\Program Files\Picasa2\PicasaMediaDetector

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sb audigy 2 startup menu
  /L:DUT

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\storageguard
  "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe
  "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trickler
  "c:\windows\temp\adware\fsg_4104.exe"


  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
  LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
  NetworkService DnsCache\0\0
  rpcss RpcSs\0\0
  imgsvc StiSvc\0\0
  termsvcs TermService\0\0
  HTTPFilter HTTPFilter\0\0
  DcomLaunch DcomLaunch\0TermService\0\0
  bthsvcs BthServ\0\0
  Usnsvc usnsvc\0\0

  HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

  Contents of the 'Scheduled Tasks' folder
  C:\WINDOWS\tasks\AppleSoftwareUpdate.job
  C:\WINDOWS\tasks\User_Feed_Synchronization-{6DEA9A74-B7E7-4408-80A8-B37E9942F1A5}.job

  ********************************************************************

  catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-05-11 16:13:39
  Windows 5.1.2600 Service Pack 2 NTFS

  scanning hidden processes ...

  scanning hidden services ...

  scanning hidden autostart entries ...

  scanning hidden files ...

  scan completed successfully
  hidden processes: 0
  hidden services: 0
  hidden files: 0


  ********************************************************************

  Completion time: 2007-05-11 16:15:33 - machine was rebooted
  C:\ComboFix-quarantined-files.txt ... 2007-05-11 16:15

  Logfile of HijackThis v1.99.1
  Scan saved at 16:21:02, on 11-5-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16441)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRA~1\PCVEIL~1\backweb\9743894\Program\SERVIC~1.EXE
  C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  C:\WINDOWS\System32\CTsvcCDA.exe
  C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe
  C:\Program Files\PC Veilig\Anti-Virus\FSGK32.EXE
  C:\Program Files\PC Veilig\backweb\9743894\program\fsbwsys.exe
  C:\Program Files\PC Veilig\Common\FSMA32.EXE
  C:\Program Files\PC Veilig\Anti-Virus\fssm32.exe
  C:\Program Files\PC Veilig\Common\FSMB32.EXE
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\Program Files\Eset\nod32krn.exe
  C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
  C:\Program Files\PC Veilig\Common\FCH32.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\PC Veilig\Anti-Virus\fsqh.exe
  C:\Program Files\PC Veilig\Common\FAMEH32.EXE
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\Program Files\PC Veilig\Anti-Virus\fsrw.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\UAService7.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\WINDOWS\System32\Fast.exe
  C:\Program Files\PC Veilig\Anti-Virus\fsav32.exe
  C:\Program Files\Eicon\Diva\watch.exe
  C:\WINDOWS\System32\DSentry.exe
  C:\WINDOWS\system32\dla\tfswctrl.exe
  C:\Program Files\Eicon\Diva\Divamon.exe
  C:\Program Files\Eicon\Diva\DiTask.exe
  C:\Program Files\Eicon\Diva\diinfo.exe
  C:\WINDOWS\System32\taskswitch.exe
  C:\Program Files\Eicon\Diva\cgserver.exe
  C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
  C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
  C:\WINDOWS\system32\LVCOMSX.EXE
  C:\Program Files\Logitech\Video\LogiTray.exe
  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe
  C:\WINDOWS\system32\CTHELPER.EXE
  C:\Program Files\PC Veilig\Common\FSM32.EXE
  C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
  C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\Logitech\MouseWare\system\em_exec.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\MP3 CD Extractor\CD-Extractor.exe
  C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
  C:\Program Files\Logitech\Video\FxSvr2.exe
  C:\Program Files\PC Veilig\backweb\9743894\Program\fspex.exe
  C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
  C:\Palm\HOTSYNC.EXE
  C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\explorer.exe
  C:\WINDOWS\system32\notepad.exe
  C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Hijack This\hijackthis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
  O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
  O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Program Files\Eicon\Diva\watch.exe"
  O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
  O4 - HKLM\..\Run: [Divamon.exe] "C:\Program Files\Eicon\Diva\Divamon.exe"
  O4 - HKLM\..\Run: [DiTask.exe] "C:\Program Files\Eicon\Diva\DiTask.exe"
  O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
  O4 - HKLM\..\Run: [CGServer] "C:\Program Files\Eicon\Diva\cgserver.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
  O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
  O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
  O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe"
  O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
  O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
  O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
  O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Veilig\Common\FSM32.EXE" /splash
  O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Veilig\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
  O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\PC Veilig\FSGUI\FSSW.EXE" /reboot
  O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
  O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
  O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
  O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
  O4 - HKCU\..\Run: [MP3 CD Extractor] "C:\Program Files\MP3 CD Extractor\CD-Extractor.exe" hmw
  O4 - Startup: HotSync Manager.LNK = C:\Palm\HOTSYNC.EXE
  O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
  O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: PC Veilig.lnk = C:\Program Files\PC Veilig\backweb\9743894\Program\fspex.exe
  O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
  O8 - Extra context menu item: &Deze pop-up blokkeren - C:\Program Files\PC Veilig\Anti-Spyware\blockpopups.htm
  O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
  O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
  O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll
  O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll
  O9 - Extra 'Tools' menuitem: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
  O9 - Extra button: IE-shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Veilig\Anti-Spyware\ieshield.dll
  O9 - Extra 'Tools' menuitem: IE-shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Veilig\Anti-Spyware\ieshield.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Music Manager) - http://img.od2.com/installation/pluginname/music%20manager/MusicManagerPlugin.CAB
  O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
  O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
  O23 - Service: PC Veilig (BackWeb Plug-in - 9743894) - F-Secure Corp. - C:\PROGRA~1\PCVEIL~1\backweb\9743894\Program\SERVIC~1.EXE
  O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
  O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe
  O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\PC Veilig\backweb\9743894\program\fsbwsys.exe
  O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe
  O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\PC Veilig\FSPC\fshttps\fshttps.exe
  O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Veilig\Common\FSMA32.EXE
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
  O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
  O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
 • Download:
  Save the file to your desktop, then double-click it.
  The uninstaller of a rogue scanner may start; do not close it, but let it do its work.

  Then restart the PC and double-click RemoveVideoActiveXObject.exe again.
  After that, post the log C:\RVAXO-results.log in your next message, together with a new HijackThis log.

  Download the file and save it to your desktop, then double-click it.
  If an uninstaller becomes active, let it do its work.
  Restart the PC and then double-click RemoveVideoActiveXObject.exe again.
  After that, post a HijackThis log.
 • Here are the logs

  —————-RemoveVideoActiveXObject.exe first run————-

  Files found:


  Uninstallers Rogue scanners:


  Folders Found:


  ————–RemoveVideoActiveXObject.exe last run—————

  Files found:


  Uninstallers Rogue scanners:


  Folders Found:

  Logfile of HijackThis v1.99.1
  Scan saved at 20:35:57, on 11-5-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16441)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRA~1\PCVEIL~1\backweb\9743894\Program\SERVIC~1.EXE
  C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  C:\WINDOWS\System32\CTsvcCDA.exe
  C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe
  C:\Program Files\PC Veilig\Anti-Virus\FSGK32.EXE
  C:\Program Files\PC Veilig\backweb\9743894\program\fsbwsys.exe
  C:\Program Files\PC Veilig\Common\FSMA32.EXE
  C:\Program Files\PC Veilig\Common\FSMB32.EXE
  C:\Program Files\PC Veilig\Anti-Virus\fssm32.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\Program Files\Eset\nod32krn.exe
  C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
  C:\Program Files\PC Veilig\Common\FCH32.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\Program Files\PC Veilig\Anti-Virus\fsqh.exe
  C:\Program Files\PC Veilig\Common\FAMEH32.EXE
  C:\Program Files\PC Veilig\Anti-Virus\fsrw.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\UAService7.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\WINDOWS\System32\Fast.exe
  C:\Program Files\PC Veilig\Anti-Virus\fsav32.exe
  C:\Program Files\Eicon\Diva\watch.exe
  C:\WINDOWS\System32\DSentry.exe
  C:\WINDOWS\system32\dla\tfswctrl.exe
  C:\Program Files\Eicon\Diva\Divamon.exe
  C:\Program Files\Eicon\Diva\DiTask.exe
  C:\WINDOWS\System32\taskswitch.exe
  C:\Program Files\Eicon\Diva\cgserver.exe
  C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
  C:\Program Files\Eicon\Diva\diinfo.exe
  C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
  C:\WINDOWS\system32\LVCOMSX.EXE
  C:\Program Files\Logitech\Video\LogiTray.exe
  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe
  C:\WINDOWS\system32\CTHELPER.EXE
  C:\Program Files\PC Veilig\Common\FSM32.EXE
  C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
  C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
  C:\Program Files\Logitech\MouseWare\system\em_exec.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\PC Veilig\FSGUI\ispnews.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\MP3 CD Extractor\CD-Extractor.exe
  C:\Program Files\Logitech\Video\FxSvr2.exe
  C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
  C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
  C:\Program Files\PC Veilig\backweb\9743894\Program\fspex.exe
  C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
  C:\Palm\HOTSYNC.EXE
  C:\WINDOWS\system32\wuauclt.exe
  C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
  C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\WINDOWS\explorer.exe
  C:\WINDOWS\system32\NOTEPAD.EXE
  C:\Program Files\Hijack This\hijackthis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
  O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
  O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Program Files\Eicon\Diva\watch.exe"
  O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
  O4 - HKLM\..\Run: [Divamon.exe] "C:\Program Files\Eicon\Diva\Divamon.exe"
  O4 - HKLM\..\Run: [DiTask.exe] "C:\Program Files\Eicon\Diva\DiTask.exe"
  O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
  O4 - HKLM\..\Run: [CGServer] "C:\Program Files\Eicon\Diva\cgserver.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
  O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
  O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
  O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe"
  O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
  O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
  O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
  O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Veilig\Common\FSM32.EXE" /splash
  O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Veilig\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
  O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\PC Veilig\FSGUI\FSSW.EXE" /reboot
  O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
  O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
  O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
  O4 - HKLM\..\Run: [News Service] "C:\Program Files\PC Veilig\FSGUI\ispnews.exe"
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
  O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
  O4 - HKCU\..\Run: [MP3 CD Extractor] "C:\Program Files\MP3 CD Extractor\CD-Extractor.exe" hmw
  O4 - Startup: HotSync Manager.LNK = C:\Palm\HOTSYNC.EXE
  O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
  O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: PC Veilig.lnk = C:\Program Files\PC Veilig\backweb\9743894\Program\fspex.exe
  O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
  O8 - Extra context menu item: &Deze pop-up blokkeren - C:\Program Files\PC Veilig\Anti-Spyware\blockpopups.htm
  O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
  O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
  O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll
  O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll
  O9 - Extra 'Tools' menuitem: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
  O9 - Extra button: IE-shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Veilig\Anti-Spyware\ieshield.dll
  O9 - Extra 'Tools' menuitem: IE-shield… - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Veilig\Anti-Spyware\ieshield.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Music Manager) - http://img.od2.com/installation/pluginname/music%20manager/MusicManagerPlugin.CAB
  O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
  O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
  O23 - Service: PC Veilig (BackWeb Plug-in - 9743894) - F-Secure Corp. - C:\PROGRA~1\PCVEIL~1\backweb\9743894\Program\SERVIC~1.EXE
  O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
  O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe
  O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\PC Veilig\backweb\9743894\program\fsbwsys.exe
  O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe
  O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\PC Veilig\FSPC\fshttps\fshttps.exe
  O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\PC Veilig\Common\FSMA32.EXE
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
  O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
  O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
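
Added example, not part of the original posts: a small Python parser for the HijackThis v1.99.1 log layout seen in this thread. It counts running processes, lists entries marked "(file missing)" or "Unknown owner" as review candidates, and diffs two scans. The sample logs are constructed by abridging lines of the kind posted above, and the function names are hypothetical.

```python
import re

# Constructed samples: a few lines in HijackThis v1.99.1 layout, abridged
# from the kind of entries posted in this thread (not a complete log).
SAMPLE_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 20:35:57, on 11-5-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MP3 CD Extractor\CD-Extractor.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.nl/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MP3 CD Extractor] "C:\Program Files\MP3 CD Extractor\CD-Extractor.exe" hmw
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""

SAMPLE_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 15:27:26, on 12-5-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.nl/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""

# Entry lines start with a section code such as R0, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
SAVED_RE = re.compile(r"^Scan saved at (\S+), on (\S+)$")

# Markers HijackThis itself writes into an entry; they are prompts to look
# closer (stale leftovers, unsigned or unnamed binaries), not verdicts.
MARKERS = {"file missing": "(file missing)", "unknown owner": "- Unknown owner -"}


def parse_log(text):
    """Split one HijackThis log into scan time, process list and entries."""
    log = {"saved": None, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        saved = SAVED_RE.match(line)
        if entry:
            in_processes = False
            log["entries"].append((entry.group(1), entry.group(2)))
        elif in_processes:
            log["processes"].append(line)
        elif saved:
            log["saved"] = " ".join(saved.groups())
    return log


def triage(entries):
    """Return (code, body, reasons) for entries carrying a review marker."""
    flagged = []
    for code, body in entries:
        reasons = [name for name, marker in MARKERS.items() if marker in body]
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


def _index(items):
    # Windows paths are case-insensitive, so compare case-folded text.
    # Repeated paths (several svchost.exe instances) collapse to one key.
    return {(" - ".join(i) if isinstance(i, tuple) else i).casefold(): i for i in items}


def diff(before, after, key):
    """Return (added, removed) for 'processes' or 'entries' between two scans."""
    old, new = _index(before[key]), _index(after[key])
    added = [new[k] for k in new if k not in old]
    removed = [old[k] for k in old if k not in new]
    return added, removed


if __name__ == "__main__":
    first, second = parse_log(SAMPLE_BEFORE), parse_log(SAMPLE_AFTER)
    print(first["saved"], "-", len(first["processes"]), "processes")
    for code, body, reasons in triage(second["entries"]):
        print("review:", code, body, reasons)
    for key in ("processes", "entries"):
        print(key, "added/removed:", diff(first, second, key))
```
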
 • Download Dr.Web CureIt to your desktop:
  ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  Double-click drweb-cureit.exe and allow it to start the express scan.
  This will scan the files that are currently loaded in memory, and when something is found, click the Yes to all button at the question 'cure it?'. This is only a short scan.
  Once the short scan has finished, click Options > Change Settings
  Choose the "Scan" tab and remove the check mark at "Heuristic analyse"
  Back in the main window you can select the drives you want to have scanned.
  Select all drives here. A red dot will then appear on the drives you are having scanned.
  Then click the green arrow on the right to start the scan.
  Click 'Yes to all' when you are asked to perform cure or move.
  When the scan is done, check whether you can click the following icon, which is next to what was found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
  If so, click it and then click the icon just below it and choose: Move incurable, as you will see in the following image:
  http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
  This will move the files to the following folder, %userprofile%\DoctorWeb\quarantaine-folder, if they cannot be disinfected. (This is in case we need samples.)
  After selecting the above, in the menu at the top of Dr.Web CureIt, click file and choose save report list. Save the log to your desktop.
  Then close Dr.Web CureIt.

  Restart your computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
  After restarting, copy and paste the contents of the log you saved earlier into your next post.

  7. Run HijackThis again and post a new log ;)
 • Dr.Web found nothing. I must say that after running Combofix and RemoveVideoActiveXObject I have not had any pop-ups for a few hours now. So hopefully that worked. If your help is no longer needed, thank you very much for the good support. One more question. On the message that disappeared, I also got a reply from Gerben. He mentioned that a great many processes, 69, were active. Do I still need to do anything about that?

  Here is the latest HJT log after restarting:
  Logfile of HijackThis v1.99.1
  Scan saved at 15:27:26, on 12-5-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16441)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\PROGRA~1\PCVEIL~1\backweb\9743894\Program\SERVIC~1.EXE
  C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  C:\WINDOWS\System32\CTsvcCDA.exe
  C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe
  C:\Program Files\PC Veilig\Anti-Virus\FSGK32.EXE
  C:\Program Files\PC Veilig\backweb\9743894\program\fsbwsys.exe
  C:\Program Files\PC Veilig\Common\FSMA32.EXE
  C:\Program Files\PC Veilig\Common\FSMB32.EXE
  C:\Program Files\PC Veilig\Anti-Virus\fssm32.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\Program Files\Eset\nod32krn.exe
  C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
  C:\Program Files\PC Veilig\Common\FCH32.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\PC Veilig\Common\FAMEH32.EXE
  C:\Program Files\PC Veilig\Anti-Virus\fsqh.exe
  C:\Program Files\PC Veilig\Anti-Virus\fsrw.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\UAService7.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\WINDOWS\System32\Fast.exe
  C:\Program Files\PC Veilig\Anti-Virus\fsav32.exe
  C:\Program Files\Eicon\Diva\watch.exe
  C:\WINDOWS\System32\DSentry.exe
  C:\WINDOWS\system32\dla\tfswctrl.exe
  C:\Program Files\Eicon\Diva\Divamon.exe
  C:\Program Files\Eicon\Diva\DiTask.exe
  C:\WINDOWS\System32\taskswitch.exe
  C:\Program Files\Eicon\Diva\cgserver.exe
  C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
  C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
  C:\WINDOWS\system32\LVCOMSX.EXE
  C:\Program Files\Eicon\Diva\diinfo.exe
  C:\Program Files\Logitech\Video\LogiTray.exe
  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe
  C:\WINDOWS\system32\CTHELPER.EXE
  C:\Program Files\PC Veilig\Common\FSM32.EXE
  C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
  C:\Program Files\Logitech\MouseWare\system\em_exec.exe
  C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\PC Veilig\FSGUI\ispnews.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
  C:\Program Files\PC Veilig\backweb\9743894\Program\fspex.exe
  C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
  C:\Palm\HOTSYNC.EXE
  C:\Program Files\Logitech\Video\FxSvr2.exe
  C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
  C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
  C:\Program Files\Internet Explorer\IEXPLORE.EXE
  C:\Program Files\Hijack This\hijackthis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
  O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
  O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Program Files\Eicon\Diva\watch.exe"
  O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
  O4 - HKLM\..\Run: [Divamon.exe] "C:\Program Files\Eicon\Diva\Divamon.exe"
  O4 - HKLM\..\Run: [DiTask.exe] "C:\Program Files\Eicon\Diva\DiTask.exe"
  O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
  O4 - HKLM\..\Run: [CGServer] "C:\Program Files\Eicon\Diva\cgserver.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
  O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
  O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
  O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
  O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
  O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe"
  O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
  O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
  O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
  O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Veilig\Common\FSM32.EXE" /splash
  O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Veilig\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
  O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\PC Veilig\FSGUI\FSSW.EXE" /reboot
  O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
  O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
  O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
  O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
  O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
  O4 - HKLM\..\Run: [News Service] "C:\Program Files\PC Veilig\FSGUI\ispnews.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
  O4 - Startup: HotSync Manager.LNK = C:\Palm\HOTSYNC.EXE
  O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
  O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: PC Veilig.lnk = C:\Program Files\PC Veilig\backweb\9743894\Program\fspex.exe
  O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
  O8 - Extra context menu item: &Deze pop-up blokkeren - C:\Program Files\PC Veilig\Anti-Spyware\blockpopups.htm
  O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
  O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
  O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll
  O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll
  O9 - Extra 'Tools' menuitem: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
  O9 - Extra button: IE-shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Veilig\Anti-Spyware\ieshield.dll
  O9 - Extra 'Tools' menuitem: IE-shield… - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Veilig\Anti-Spyware\ieshield.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Music Manager) - http://img.od2.com/installation/pluginname/music%20manager/MusicManagerPlugin.CAB
  O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
  O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
  O23 - Service: PC Veilig (BackWeb Plug-in - 9743894) - F-Secure Corp. - C:\PROGRA~1\PCVEIL~1\backweb\9743894\Program\SERVIC~1.EXE
  O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
  O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe
  O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\PC Veilig\backweb\9743894\program\fsbwsys.exe
  O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe
  O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\PC Veilig\FSPC\fshttps\fshttps.exe
  O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\PC Veilig\Common\FSMA32.EXE
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
  O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
  O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
 • That's possible; you can work it out yourself.

  This concerns the O4 lines. If they aren't really needed you can disable them as follows; you will then have to start them manually whenever you want to use them.
  Disabling works as follows (example). You may untick the following program: go to [b]Start - Run[/b], type [b]Msconfig[/b] and press [b]Enter[/b], tick [b]Selective Startup[/b] and then go to the [b]Startup[/b] tab.

  You may remove the following tick (it will then no longer be started together with Windows, and in my opinion it may be a cause of the CPU usage).
  You can start [b]CTDVDDet[/b] yourself whenever you wish:


  [b][CTDVDDet] CTDVDDet.EXE[/b]


  Then press Apply -> OK. You will be asked to restart; click Yes.
  Once the PC has restarted you will get a message from msconfig. Tick "Don't show this message again" there and click OK.

  You can look it up here: http://www.castlecops.com/StartupList.html

  The example above comes from this line:
  O4 - HKLM\..\Run: [b][CTDVDDet][/b] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
  If you put the bold part in the search box, the result appears below it.

  Give one a try.
 • With startupcpl you have a bit more control. http://www.mlin.net/StartupCPL.shtml
 • 'autoruns' is also a nice program for managing your startup list. With it you can also, for example, view and remove the IE plug-ins.


This is an archived page. Replying is no longer possible.