Pop-up infection / Internet Explorer shortcut points to the wrong websites

  • Pop-up infection / Internet Explorer shortcut points to the wrong websites

    Hello,

    The following problems are occurring:
    When I click a link in Internet Explorer, it redirects to webcry.com, and only after clicking twice do I reach the intended website.

    There is a program running, visible in the bar at the bottom, that warns about spyware and says I must install an anti-spyware program. It even starts in safe mode. When I click it, Internet Explorer opens that website.

    Various pop-ups appear at different times, reporting an infection.

    I have run Spybot and Ad-Aware.

    Here is my log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:45:30, on 30/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir Workstation\sched.exe
    C:\Program Files\AntiVir Workstation\avesvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Get-Torrent\wakeservice.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\LevelOne\Common\RaUI.exe
    C:\Program Files\Trust\Trust 735S [email protected] ZOOM\ICON.EXE
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1201697347.dll
    O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
    O4 - HKLM\..\Run: [SlowDownCPU] C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Get-Torrent Service] C:\Program Files\Get-Torrent\wakeservice.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: LevelOne Wireless Utility.lnk = C:\Program Files\LevelOne\Common\RaUI.exe
    O4 - Global Startup: Trust 735S [email protected] ZOOM Monitor.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Search - ?p=ZN
    O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
    O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
    O8 - Extra context menu item: Download met LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html
    O8 - Extra context menu item: Download met LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Verwerk met LeechGet (Parse) - file://C:\Program Files\LeechGet 2007\\Parser.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Daan\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: FortisCzPc - https://www.fortisbanking.be/private/FortisCzPC.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://goto.monica.be/vdesk/terminal/InstallerControl.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://goto.monica.be/vdesk/terminal/f5InspectionHost.cab#version=6010,2007,0726,1518
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173034674906
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181642875265
    O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - https://goto.monica.be/vdesk/terminal/vdeskctrl.cab#Version=6010,2007,0920,0138
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: esperantido - {67dc0736-075a-4647-95f5-d5421b838fed} - C:\WINDOWS\system32\svxmhpz.dll
    O23 - Service: AntiVir Windows Workstation MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avmailc.exe
    O23 - Service: AntiVir Windows Workstation Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir Workstation\sched.exe
    O23 - Service: AntiVir Windows Workstation MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avesvc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 13654 bytes

    What is the solution?


    Kind regards,

    Paul

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, in which a few lines about files that were not found will quickly scroll by; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.
    Download Deckard's System Scanner to your Desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the instructions.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is allowed to do so!
    Your antivirus may also flag DSS as suspicious, or even try to remove it.
    Do not let your antivirus remove it! (In this case it may be better to disable your antivirus temporarily during the DSS scan)


    • #3
      OK, here are the logs

      ---RVAXO.exe Updated: 2008-01-31---first run---
      Files found:
      C:\WINDOWS\system32\svxmhpz.dll
      C:\WINDOWS\system32\netlogun.exe
      C:\WINDOWS\system32\actskn45.ocx
      C:\Documents and Settings\All Users\STARTM~1\Online Security Guide.url
      C:\Documents and Settings\All Users\STARTM~1\Security Troubleshooting.url
      C:\Documents and Settings\Daan\FAVORI~1\Online Security Test.url

      Uninstallers:


      Folders Found:

      C:\Program Files\Helper

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------

      Deckard's System Scanner v20071014.68
      Run by Daan on 2008-01-31 20:29:38
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 2 Restore Point(s) --
      2: 2008-01-31 19:29:44 UTC - RP2 - Deckard's System Scanner Restore Point
      1: 2008-01-30 19:30:51 UTC - RP1 - System Checkpoint


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as Daan.exe) ------------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:35:10, on 31/01/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\AntiVir Workstation\sched.exe
      C:\Program Files\AntiVir Workstation\avesvc.exe
      C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\PnkBstrB.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
      C:\Program Files\Winamp\winampa.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
      C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Get-Torrent\wakeservice.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Steam\Steam.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      C:\Program Files\LevelOne\Common\RaUI.exe
      C:\Program Files\Trust\Trust 735S [email protected] ZOOM\ICON.EXE
      C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Documents and Settings\Daan\Desktop\dss.exe
      C:\HIJACK~1\Daan.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll (file missing)
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [SlowDownCPU] C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
      O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
      O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [Get-Torrent Service] C:\Program Files\Get-Torrent\wakeservice.exe
      O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: LevelOne Wireless Utility.lnk = C:\Program Files\LevelOne\Common\RaUI.exe
      O4 - Global Startup: Trust 735S [email protected] ZOOM Monitor.lnk = ?
      O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O8 - Extra context menu item: &Search - ?p=ZN
      O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
      O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
      O8 - Extra context menu item: Download met LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html
      O8 - Extra context menu item: Download met LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Verwerk met LeechGet (Parse) - file://C:\Program Files\LeechGet 2007\\Parser.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Daan\Start Menu\Programs\IMVU\Run IMVU.lnk
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
      O16 - DPF: FortisCzPc - https://www.fortisbanking.be/private/FortisCzPC.cab
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://goto.monica.be/vdesk/terminal/InstallerControl.cab
      O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
      O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
      O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://goto.monica.be/vdesk/terminal/f5InspectionHost.cab#version=6010,2007,0726,1518
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173034674906
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181642875265
      O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - https://goto.monica.be/vdesk/terminal/vdeskctrl.cab#Version=6010,2007,0920,0138
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: AntiVir Windows Workstation MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avmailc.exe
      O23 - Service: AntiVir Windows Workstation Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir Workstation\sched.exe
      O23 - Service: AntiVir Windows Workstation MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avesvc.exe
      O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
      O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

      --
      End of file - 12809 bytes

      -- File Associations -----------------------------------------------------------

      .bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
      .inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
      .ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
      .txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R0 giveio - c:\windows\system32\giveio.sys
      R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
      R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
      R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
      R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
      R0 xmasbus - c:\windows\system32\drivers\xmasbus.sys
      R0 xmasscsi - c:\windows\system32\drivers\xmasscsi.sys
      R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys
      R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
      R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
      R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
      R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys
      R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
      R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
      R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
      R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
      R3 RushTopDevice - c:\windows\inf\msi\slowdowncpu\rushtop.sys <Not Verified; Your Corporation; Your Product Name>
      R3 SlowDownCPU - c:\windows\inf\msi\slowdowncpu\ntglm7x.sys <Not Verified; Your Corporation; Your Product Name>
      R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

      S3 adxapie - c:\docume~1\daan\locals~1\temp\adxapie.sys (file missing)
      S3 GMSIPCI - g:\install\gmsipci.sys (file missing)
      S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>
      S3 MidiSyn - c:\windows\system32\drivers\midisyn.sys <Not Verified; Analog Devices, Inc.; SoundMAX Wavetable Synthesizer>
      S3 RT73 (LevelOne WNC-0301USB Wireless Adapter Driver) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>
      S3 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys
      S3 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys
      S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 AntiVirScheduler (AntiVir Windows Workstation Scheduler) - "c:\program files\antivir workstation\sched.exe" <Not Verified; Avira GmbH; Scheduler>
      R2 AVEService (AntiVir Windows Workstation MailGuard helper service) - "c:\program files\antivir workstation\avesvc.exe" <Not Verified; Avira GmbH; AVE Service>
      R2 Speed Disk service - c:\progra~1\norton~1\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>

      S2 AntiVirMailService (AntiVir Windows Workstation MailGuard) - "c:\program files\antivir workstation\avmailc.exe" <Not Verified; Avira GmbH; AntiVir Mail Guard>
      S3 CAISafe (CA ISafe) - c:\windows\system32\zonelabs\isafe.exe <Not Verified; Computer Associates International, Inc.; ISafe>


      -- Device Manager: Disabled ----------------------------------------------------

      Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
      Description: CD-ROM Drive
      Device ID: SCSI\CDROM&VEN_EA3719A&PROD_CGM650H&REV_1.0\5&23B9C228&0&000
      Manufacturer: (Standard CD-ROM drives)
      Name: EA3719A CGM650H SCSI CdRom Device
      PNP Device ID: SCSI\CDROM&VEN_EA3719A&PROD_CGM650H&REV_1.0\5&23B9C228&0&000
      Service: cdrom

      Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
      Description: Hamachi Network Interface
      Device ID: ROOT\NET\0000
      Manufacturer: LogMeIn, Inc.
      Name: Hamachi Network Interface
      PNP Device ID: ROOT\NET\0000
      Service: hamachi


      -- Scheduled Tasks -------------------------------------------------------------

      2008-01-31 20:34:00 410 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
      2008-01-25 20:00:00 480 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
      2008-01-25 17:30:00 414 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
      2007-05-17 08:59:14 388 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


      -- Files created between 2007-12-31 and 2008-01-31 -----------------------------

      2008-01-31 20:27:45 0 d-------- C:\RVAXO
      2008-01-31 20:27:42 16384 --a------ C:\WINDOWS\system32\Restart.exe <Not Verified; WareSoft Software; restart>
      2008-01-31 20:17:46 647386 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-01-31 20:17:46 69632 --a------ C:\WINDOWS\system32\remove.exe
      2008-01-31 12:29:59 0 d-------- C:\Documents and Settings\Daan\Application Data\AccurateRip
      2008-01-31 12:29:42 0 d-------- C:\Program Files\Exact Audio Copy
      2008-01-30 19:44:04 0 d-------- C:\hijackthis
      2008-01-30 18:25:46 0 d-------- C:\Program Files\Trend Micro
      2008-01-30 13:49:12 0 d-------- C:\Program Files\Sotfone
      2008-01-27 22:15:32 0 d-------- C:\Program Files\WarRock
      2008-01-23 20:00:57 0 d-------- C:\Program Files\Foxit Software
      2008-01-16 19:44:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
      2008-01-16 19:44:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
      2008-01-11 19:13:40 0 d-------- C:\Documents and Settings\Daan\Application Data\InstallShield
      2008-01-04 21:08:08 0 d-------- C:\Program Files\XviD
      2008-01-04 21:07:55 120320 --a------ C:\WINDOWS\system32\apexchanger.exe
      2008-01-04 21:07:55 109568 --a------ C:\WINDOWS\system32\apex3gp.exe
      2008-01-04 21:07:54 398798 --a------ C:\WINDOWS\system32\apexpmp.exe <Not Verified; IndigoSTAR Software; IndigoPerl>
      2008-01-04 21:07:54 4755968 --a------ C:\WINDOWS\system32\apexconverter.exe
      2008-01-04 21:07:53 61440 --a------ C:\WINDOWS\system32\cygz.dll
      2008-01-04 21:07:53 1295582 --a------ C:\WINDOWS\system32\cygwin1.dll <Not Verified; Red Hat; Cygwin>
      2008-01-04 21:07:53 3138048 --a------ C:\WINDOWS\system32\apexxbox.exe
      2008-01-04 21:07:53 86016 --a------ C:\WINDOWS\system32\AddiTunes.exe
      2008-01-04 21:07:52 249856 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll <Not Verified; Online Media Technologies Company Ltd.; NCTQuickTimeFile Module>
      2008-01-04 21:07:52 626688 --a------ C:\WINDOWS\system32\NCTImageFile.dll <Not Verified; Online Media Technologies Ltd.; NCTImageFile ActiveX DLL>
      2008-01-04 21:07:51 495104 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll <Not Verified; NCT Company Ltd.; NCTVideoCoreM ActiveX DLL>
      2008-01-04 21:07:51 764416 --a------ C:\WINDOWS\system32\NCTRMFile.dll <Not Verified; NCT Company Ltd.; NCTRMFile ActiveX DLL>
      2008-01-04 21:07:50 382464 --a------ C:\WINDOWS\system32\NCTAVIFile.dll <Not Verified; NCT Company Ltd.; NCTAVIFile ActiveX DLL>
      2008-01-04 21:07:49 780288 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll <Not Verified; NCT Company Ltd.; NCTVideoCompress ActiveX DLL>
      2008-01-04 21:07:49 90112 --a------ C:\WINDOWS\system32\NCTAudioFormatSettings3.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFormatSettings3 Module>
      2008-01-04 21:07:49 2846720 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress3 Module>
      2008-01-04 21:07:48 312320 --a------ C:\WINDOWS\system32\NCTVideoView.dll <Not Verified; Online Media Technologies Ltd.; NCTVideoView ActiveX DLL>
      2008-01-04 21:07:48 188416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll <Not Verified; NCT Company Ltd.; NCTVideoFile ActiveX DLL>
      2008-01-04 21:07:47 215552 --a------ C:\WINDOWS\system32\NCTWMVFile.dll <Not Verified; NCT Company Ltd.; NCTWMVFile ActiveX DLL>
      2008-01-04 21:07:47 778240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress2 Module>
      2008-01-04 21:07:46 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
      2008-01-04 21:07:42 147456 --a------ C:\WINDOWS\system32\viscomqtenc.dll <Not Verified; Viscom Software www.viscomsoft.com; >
      2008-01-04 21:07:42 0 d-------- C:\WINDOWS\system32\RMBin
      2008-01-04 21:07:37 0 d-------- C:\Program Files\A-Z


      -- Find3M Report ---------------------------------------------------------------

      2008-01-31 20:24:05 0 d-------- C:\Program Files\Steam
      2008-01-31 20:21:35 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
      2008-01-31 20:14:38 0 d-------- C:\Documents and Settings\Daan\Application Data\Skype
      2008-01-28 19:31:40 0 d-------- C:\Documents and Settings\Daan\Application Data\LimeWire
      2008-01-27 22:15:25 0 d--h----- C:\Program Files\InstallShield Installation Information
      2008-01-27 17:42:24 0 d-------- C:\Program Files\Get-Torrent
      2008-01-25 22:16:12 0 d-------- C:\Program Files\World of Warcraft <WORLDO~1>
      2008-01-24 21:24:48 0 d-------- C:\Program Files\MobMapUpdater
      2008-01-23 22:45:06 0 d-------- C:\Documents and Settings\Daan\Application Data\uTorrent
      2008-01-11 19:15:36 0 d-------- C:\Program Files\Codemasters
      2008-01-11 19:09:22 0 d-------- C:\Program Files\Juice
      2008-01-06 12:33:14 0 d-------- C:\Program Files\Outspark
      2008-01-06 12:26:25 0 d-------- C:\Program Files\VideoLAN
      2008-01-04 22:11:28 0 d-------- C:\Documents and Settings\Daan\Application Data\BearShare
      2008-01-01 12:57:33 0 d-------- C:\Documents and Settings\Daan\Application Data\Azureus
      2007-12-28 15:16:20 0 d-------- C:\Program Files\F5
      2007-12-27 16:37:55 0 d-------- C:\Program Files\GameShadow
      2007-12-27 16:18:19 0 d-------- C:\Program Files\Eidos
      2007-12-26 15:40:16 0 d-------- C:\Program Files\Altap Salamander 2.5
      2007-12-26 11:37:39 0 d-------- C:\Program Files\Electronic Arts
      2007-12-26 11:36:42 0 d-------- C:\Program Files\AGEIA Technologies
      2007-12-26 11:35:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2007-12-18 20:15:40 0 d-------- C:\Program Files\Ubisoft
      2007-12-17 22:01:54 8396851 --a------ C:\ipodvideoconverter_r70904.exe <Not Verified; Cucusoft, Inc.; >
      2007-12-17 21:59:18 0 d-------- C:\Program Files\Cucusoft
      2007-12-17 21:57:37 8396851 --a------ C:\ipod_r70904.exe <Not Verified; Cucusoft, Inc.; >
      2007-12-17 21:49:31 0 d-------- C:\Program Files\Common Files\Download Manager
      2007-12-16 20:10:36 0 d-------- C:\Program Files\Common Files\MOVAVI
      2007-12-16 20:10:32 0 d-------- C:\Program Files\Movavi Video Converter 6
      2007-12-16 20:10:26 0 d-------- C:\Program Files\Common Files
      2007-12-16 19:56:39 5732522 --a------ C:\psp_video_express.exe
      2007-12-16 09:41:39 0 d-------- C:\Documents and Settings\Daan\Application Data\AdobeUM
      2007-12-15 19:52:58 0 d-------- C:\Documents and Settings\Daan\Application Data\teamspeak2
      2007-12-15 12:52:28 0 d-------- C:\Program Files\Lavalys
      2007-12-09 14:44:20 98304 --a------ C:\WINDOWS\system32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
      2007-12-05 15:42:02 0 dr-h----- C:\Documents and Settings\Daan\Application Data\SecuROM
      2007-12-05 01:41:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
      2007-12-05 01:41:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
      2007-12-05 01:41:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
      2007-12-05 01:41:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
      2007-12-05 01:41:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
      2007-12-05 01:41:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
      2007-12-05 01:41:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
      2007-12-05 01:41:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
      2007-11-23 18:08:30 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SlowDownCPU"="C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe" [25/02/2005 03:22]
      "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [14/10/2004 09:11]
      "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [06/08/2004 07:27]
      "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [16/03/2006 11:34]
      "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [13/02/2007 19:29]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [10/12/2001 17:54]
      "NAV Agent"="C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe" [21/07/2001 08:09]
      "BearShare"="C:\Program Files\BearShare\BearShare.exe"
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 01:41]
      "nwiz"="nwiz.exe" [05/12/2007 01:41 C:\WINDOWS\system32\nwiz.exe]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 01:41]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12/11/2006 11:48]
      "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [03/05/2007 16:43]
      "@"=""
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [16/11/2006 18:04]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [08/06/2007 14:18]
      "LeechGet"=""
      "Get-Torrent Service"="C:\Program Files\Get-Torrent\wakeservice.exe" [12/09/2007 12:42]
      "Steam"="C:\Program Files\Steam\Steam.exe" [30/11/2007 17:40]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [19/11/2007 10:21]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/02/2007 15:39 294400]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
      C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 20/12/2001 23:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "appinit_dlls"=wbsys.dll

      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp


      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e81f1b0e-d875-11db-954c-0013d33c8aee}]
      AutoRun\command- H:\Autorun.exe




      -- End of Deckard's System Scanner: finished at 2008-01-31 20:36:38 ------------



      • #4
        Open the RVAXO folder on your desktop and double-click Uninstall.cmd
        This will remove everything belonging to RVAXO.

        Your Java software is outdated.
        Older versions have vulnerabilities that give malware the chance to install itself on your system.
        First follow these steps to uninstall Java and install the newer version:
        • Download Java Runtime Environment (JRE) 6u4 and save it to your Desktop.
        • Close all programs that may be open - especially your web browser!
        • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
        • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
        • Then click Remove or the Change/Remove button.
        • Repeat this until all older versions are gone.
        • After removing all older versions, restart your PC.
        • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the newest version of Java.


        Download ATF cleaner (mirror) (made by Atribune)

        Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

        Double-click ATF cleaner to start the program.
        On the "Main" tab, tick Select All.
        Click the Empty Selected button.

        Do the following if you also use Firefox as a browser:
        Click the "Firefox" tab and tick Select All.
        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
        (this removes the tick from "Firefox saved passwords" again)
        Click the Empty Selected button.

        Do the following if you also use Opera as a browser:
        Click the "Opera" tab and tick Select All.
        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
        Click the Empty Selected button.
        Go to the "Main" tab and click the Exit button to close the program.

        Turn off System Restore. Restart the computer. Turn System Restore back on.
        See here how to turn off System Restore.
        This removes any remnants of the infections from your System Restore.

        Finally, post a new HijackThis log for checking



        • #5
          All problems solved.
          That ATF cleaner is a good thing, because it regularly happens that I cannot clean up anything in IE Explorer via the usual delete button.
          That only works after an uninstall and a fresh install. Is that also something spyware-like?

          Here is the HijackThis log:


          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 21:02:46, on 1/02/2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\AntiVir Workstation\sched.exe
          C:\Program Files\AntiVir Workstation\avesvc.exe
          C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
          C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\system32\PnkBstrA.exe
          C:\WINDOWS\system32\PnkBstrB.exe
          C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\ZoneLabs\vsmon.exe
          C:\WINDOWS\system32\SearchIndexer.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
          C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
          C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
          C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
          C:\Program Files\Winamp\winampa.exe
          C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
          C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
          C:\Program Files\DAEMON Tools\daemon.exe
          C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
          C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Skype\Phone\Skype.exe
          C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
          C:\Program Files\Get-Torrent\wakeservice.exe
          C:\Program Files\Steam\Steam.exe
          C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
          C:\Program Files\LevelOne\Common\RaUI.exe
          C:\Program Files\Trust\Trust 735S [email protected] ZOOM\ICON.EXE
          C:\Program Files\Windows Desktop Search\WindowsSearch.exe
          C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
          C:\Program Files\Skype\Plugin Manager\skypePM.exe
          C:\WINDOWS\system32\SearchProtocolHost.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\hijackthis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
          O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll (file missing)
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O4 - HKLM\..\Run: [SlowDownCPU] C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
          O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
          O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
          O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
          O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
          O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
          O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
          O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
          O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
          O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
          O4 - HKCU\..\Run: [Get-Torrent Service] C:\Program Files\Get-Torrent\wakeservice.exe
          O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
          O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: LevelOne Wireless Utility.lnk = C:\Program Files\LevelOne\Common\RaUI.exe
          O4 - Global Startup: Trust 735S [email protected] ZOOM Monitor.lnk = ?
          O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
          O8 - Extra context menu item: &Search - ?p=ZN
          O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
          O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
          O8 - Extra context menu item: Download met LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html
          O8 - Extra context menu item: Download met LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O8 - Extra context menu item: Verwerk met LeechGet (Parse) - file://C:\Program Files\LeechGet 2007\\Parser.html
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
          O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Daan\Start Menu\Programs\IMVU\Run IMVU.lnk
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
          O16 - DPF: FortisCzPc - https://www.fortisbanking.be/private/FortisCzPC.cab
          O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
          O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
          O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
          O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://goto.monica.be/vdesk/terminal/InstallerControl.cab
          O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
          O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
          O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://goto.monica.be/vdesk/terminal/f5InspectionHost.cab#version=6010,2007,0726,1518
          O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173034674906
          O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
          O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181642875265
          O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - https://goto.monica.be/vdesk/terminal/vdeskctrl.cab#Version=6010,2007,0920,0138
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
          O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
          O23 - Service: AntiVir Windows Workstation MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avmailc.exe
          O23 - Service: AntiVir Windows Workstation Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir Workstation\sched.exe
          O23 - Service: AntiVir Windows Workstation MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avesvc.exe
          O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
          O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
          O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
          O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
          O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
          O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

          --
          End of file - 13181 bytes


          Regards

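Post #4 asks for a fresh HijackThis log as a check after the cleanup. The following Python script is an added example (not part of the thread and not code from HijackThis) that compares two such logs entry by entry and lists entries whose target file is missing; the "before" log is constructed and its `jre-OLD` path is a placeholder, while the "after" lines are copied from the control log in post #5.

```python
import re

# A HijackThis entry is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [...]".
# Section codes are R, F, N or O followed by one or two digits; header lines,
# the running-process list and the footer do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def _order(entry):
    """Sort like the log itself: R before O, O4 before O16 before O23."""
    section, detail = entry
    return (section[0], int(section[1:]), detail.lower())


def diff_logs(before_text, after_text):
    """Compare two logs and report which entries appeared or disappeared."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "added": sorted(after - before, key=_order),
        "removed": sorted(before - after, key=_order),
        "unchanged": len(before & after),
    }


def missing_targets(log_text):
    """Entries HijackThis marked '(file missing)': leftover references to review."""
    hits = (e for e in parse_entries(log_text) if e[1].endswith("(file missing)"))
    return sorted(hits, key=_order)


# Header and process lines, present in every log and ignored by the parser.
HEADER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
"""

# Entries identical in both samples (copied from the control log in post #5).
COMMON = r"""O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
"""

# Constructed "before" log: jre-OLD is a placeholder, not a path from the thread.
BEFORE_LOG = HEADER + COMMON + r"""O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre-OLD\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre-OLD\bin\jusched.exe"
"""

# "After" log: Java entries as they appear in the control log in post #5.
AFTER_LOG = HEADER + COMMON + r"""O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
"""


if __name__ == "__main__":
    result = diff_logs(BEFORE_LOG, AFTER_LOG)
    for label in ("removed", "added"):
        for section, detail in result[label]:
            print(f"{label:8} {section:4} {detail}")
    print(f"unchanged entries: {result['unchanged']}")
    for section, detail in missing_targets(AFTER_LOG):
        print(f"missing  {section:4} {detail}")
```
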


          • #6
            The log looks good

            Try this:


            All problems gone?



            • #7
              Yes, it runs like a well-oiled sewing machine again
              Many thanks for your solutions
              Regards

              polpol



              • #8
                You're welcome, polpol
