Log: problems again

  • Log: problems again

    I already had problems with my PC and those had been solved, but, coincidence or not, they come home and bam, here we go again: annoying pop-ups about virus alerts etc. (I don't even know whether our virus scanner is working properly). Ad-Aware simply won't scan, and of course it just has to happen right when the others have just come home.

    Now it has gotten so bad that everything has disappeared from the desktop, along with the taskbar.

    Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:02:05, on 8/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\eHome\ehSched.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
    C:\PROGRA~1\COMMON~1\PPATCH~1\dvdplay.exe
    C:\WINDOWS\17PHolmes572.exe
    C:\WINDOWS\17PHolmes1000106.exe
    C:\Program Files\??crosoft.NET\??ool32.exe
    C:\PROGRA~1\FREEDO~1\fdm.exe
    C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
    C:\Program Files\Drmupgds\Drmupgds.exe
    C:\WINDOWS\17PHolmes572.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: FearFM Toolbar - {bab31fc4-cb97-46f4-9565-26d65225cc2c} - C:\Program Files\FearFM\tbFear.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKCU\..\Run: [CSIM] C:\PROGRA~1\CSIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Urnc] "C:\PROGRA~1\COMMON~1\PPATCH~1\dvdplay.exe" -vt yazb
    O4 - HKCU\..\Run: [Iwxst] "C:\Program Files\??crosoft.NET\??ool32.exe"
    O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Mediacontrole Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://0-mariekn-0.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.payrolling.randstad.be/msrdp.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-d8eb1be671edb078.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F473ABDB-E89F-4BCC-9E69-EC715ECEBC44}: NameServer = 195.238.2.21 195.238.2.22
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 10806 bytes
    Last edited by koenosaki; 08-02-08, 13:15.

  • #2
    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, and a few lines about files not found will scroll by quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Combofix (mirror) to your desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has finished, and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner responds with an alert about script execution, you may ignore this.


    • #3
      ---RVAXO.exe Updated: 2008-02-08---first run---
      Files found:
      C:\WINDOWS\system32\ftokseke.dllbox
      C:\WINDOWS\system32\dfhkj.ini2
      C:\WINDOWS\b122.exe
      C:\WINDOWS\mrofinu1000106.exe
      C:\WINDOWS\mrofinu572.exe
      C:\WINDOWS\mrofinu572.exe.tmp
      C:\WINDOWS\Prefetch\MROFINU572.EXE-27C51A6D.pf
      C:\WINDOWS\system32\pac.txt
      C:\Documents and Settings\PC\Mijn documenten\pos???.tmp
      C:\pos???.tmp

      Uninstallers:


      Folders Found:

      C:\Program Files\Drmupgds
      C:\Program Files\Outerinfo
      C:\Program Files\Temporary
      C:\Documents and Settings\All Users\Application Data\SalesMon
      C:\WINDOWS\system32\nGpxx01
      C:\Temp\1cb

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      C:\pos???.tmp
      Folders Found:

      --------------RVAXO.exe finished----------------







      ComboFix 08-02.05.3 - PC 2008-02-08 14:07:52.10 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.504 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\PC\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\jkhfd.dll
      C:\WINDOWS\system32\p1\liamdll2.exe
      C:\WINDOWS\system32\urqrqol.dll
      C:\Documents and Settings\PC\Menu Start\Programma's\Outerinfo
      C:\Documents and Settings\PC\Menu Start\Programma's\Outerinfo\Terms.lnk
      C:\Documents and Settings\PC\Menu Start\Programma's\Outerinfo\Uninstall.lnk
      C:\Program Files\Common Files\ppatch~1
      C:\Program Files\Common Files\ppatch~1\??pPatch\
      C:\Program Files\Common Files\ppatch~1\dvdplay.exe
      C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
      C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
      C:\Program Files\crosof~1.net
      C:\Program Files\crosof~1.net\??ool32.exe
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\system32\dfhkj.ini
      C:\WINDOWS\system32\dfhkj.ini2
      C:\WINDOWS\system32\ediktcod.dll
      C:\WINDOWS\system32\elptoptv.dll
      C:\WINDOWS\system32\ftokseke.dll
      C:\WINDOWS\system32\ftokseke.dll . . . . konden niet verwijderd worden
      C:\WINDOWS\system32\ftokseke.dllbox
      C:\WINDOWS\system32\gcxvhooq.dll
      C:\WINDOWS\system32\ghd.dll
      C:\WINDOWS\system32\gibiniaa.dll
      C:\WINDOWS\system32\jkhfd.dll
      C:\WINDOWS\system32\nbhaipuo.ini
      C:\WINDOWS\system32\oupiahbn.dll
      C:\WINDOWS\system32\p1
      C:\WINDOWS\system32\q9
      C:\WINDOWS\system32\q9\liopud89104.exe
      C:\WINDOWS\system32\urqrqol.dll
      C:\WINDOWS\system32\vtpotple.ini
      C:\WINDOWS\system32\xxyawvw.dll

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))
      .

      2008-02-08 14:21 . 2008-02-08 14:21 134 ---hs---- C:\WINDOWS\system32\ftokseke.dllbox
      2008-02-08 13:56 . 2008-02-08 13:59 <DIR> d-------- C:\RVAXO
      2008-02-08 13:33 . 2008-02-08 14:21 674,936 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-02-08 13:33 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-02-08 13:04 . 2008-02-08 13:04 15,086 --a------ C:\WINDOWS\system32\FreePokerBonus.ico
      2008-02-08 12:59 . 2008-02-08 14:18 163,904 --a------ C:\WINDOWS\system32\ftokseke.dll
      2008-02-08 12:53 . 2008-02-08 12:53 <DIR> d-------- C:\temp\isgTi19
      2008-01-27 10:40 . 2008-02-08 14:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-01-27 10:40 . 2008-01-27 10:40 1,409 --a------ C:\WINDOWS\QTFont.for
      2008-01-22 20:23 . 2008-01-22 20:23 <DIR> d-------- C:\Program Files\IrfanView
      2008-01-19 21:58 . 2008-01-19 21:58 <DIR> d-------- C:\Program Files\Trend Micro
      2008-01-18 20:22 . 2008-01-18 20:26 <DIR> d-------- C:\Documents and Settings\PC\Application Data\RegistrySmart
      2008-01-18 20:21 . 2008-01-20 22:28 <DIR> d-------- C:\Program Files\RegistrySmart
      2008-01-17 00:04 . 2008-01-17 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-08 13:18 --------- d-----w C:\Documents and Settings\PC\Application Data\Free Download Manager
      2008-02-08 10:21 --------- d-----w C:\Program Files\TrackMania Nations ESWC
      2008-02-08 03:07 --------- d-----w C:\Program Files\mIRC
      2008-02-08 02:24 --------- d-----w C:\Program Files\DC++
      2008-02-03 18:41 --------- d-----w C:\Documents and Settings\PC\Application Data\Azureus
      2008-01-27 09:40 --------- d-----w C:\Program Files\iTunes
      2008-01-22 18:53 --------- d-----w C:\Program Files\Sonic
      2008-01-20 20:33 --------- d-----w C:\Program Files\QuickTime
      2008-01-18 19:34 --------- d-----w C:\Program Files\Free Download Manager
      2008-01-18 19:10 --------- d-----w C:\Program Files\Lavasoft
      2008-01-18 19:10 --------- d-----w C:\Documents and Settings\PC\Application Data\Lavasoft
      2008-01-16 22:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-01-08 03:08 --------- d-----w C:\Program Files\Championship Manager 5
      2007-12-28 12:30 --------- d-----w C:\Program Files\FlashGet
      2007-12-24 17:28 --------- d-----w C:\Program Files\Azureus
      2006-10-15 00:46 2,958,430 ----a-w C:\Program Files\fg173tw.exe
      2006-10-01 13:00 36,656,704 ----a-w C:\Program Files\iTunesSetup(3).exe
      2006-09-30 22:06 7,560,680 ----a-w C:\Program Files\ubsetup.exe
      2006-09-23 23:49 19,666,504 ----a-w C:\Program Files\QuickTimeInstaller.exe
      2006-09-23 11:54 36,636,224 ----a-w C:\Program Files\iTunesSetup(2).exe
      2006-09-20 20:00 2,519,716 ----a-w C:\Program Files\eMulePlus-1.2.Installer.exe
      2006-07-13 22:35 2,337,576 ----a-w C:\Program Files\csim95nl.exe
      2006-07-12 22:19 15,300,392 ----a-w C:\Program Files\Install_Messenger.exe
      2006-07-08 09:31 11,817,800 ----a-w C:\Program Files\GoogleEarth.exe
      2006-07-01 14:28 695,448 ----a-w C:\Program Files\FearFM.exe
      2006-05-07 23:33 12,789,248 ----a-w C:\Program Files\MP10Setup(2).exe
      2006-04-21 18:58 278,695,200 ----a-w C:\Program Files\TmNationsESWC_Setup.exe
      2006-03-25 00:02 5,196,825 ----a-w C:\Program Files\Qtracker411.exe
      2005-09-27 12:02 125,440 ----a-w C:\Program Files\Office2003_SP2Changes.xls
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A7D7FDF-E68C-496A-9E96-2284F70AFDB0}]
      C:\WINDOWS\system32\jkhfd.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
      2008-02-08 14:18 163904 --a------ C:\WINDOWS\system32\ftokseke.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B59EED0E-8FF6-4D85-9D80-B88E5278FDFB}]
      2008-02-08 02:07 217088 --a------ C:\Program Files\Movie Maker\xabuha89104.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}]
      C:\WINDOWS\system32\urqrqol.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CSIM"="C:\PROGRA~1\CSIM\aim.exe" [ ]
      "Urnc"="C:\PROGRA~1\COMMON~1\PPATCH~1\dvdplay.exe" [ ]
      "Iwxst"="C:\Program Files\??crosoft.NET\??ool32.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [ ]
      "CTHelper"="CTHELPER.EXE" [2005-09-20 12:08 16384 C:\WINDOWS\CTHELPER.EXE]
      "CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 06:07 19968 C:\WINDOWS\system32\CTXFIHLP.EXE]
      "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-18 20:15 344064]
      "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [ ]
      "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [ ]
      "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [ ]
      "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [ ]
      "CTXFIREG"="CTxfiReg.exe"
      "UpdReg"="C:\WINDOWS\UpdReg.EXE" [ ]
      "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [ ]
      "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
      "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE" [ ]
      "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]
      "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
      "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [ ]
      "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [ ]
      "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [ ]
      "tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [ ]
      "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [ ]
      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 22:25 28160 C:\WINDOWS\KHALMNPR.Exe]
      "VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [ ]
      "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]
      "combofix"="C:\WINDOWS\system32\kmd.exe" [2004-09-02 13:00 399360]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 13:00 15360]

      C:\Documents and Settings\PC\Menu Start\Programma's\Opstarten\
      Mediacontrole Cyber-shot Viewer.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-07-27 17:16:59 155648]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
      dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2006-01-19 14:02:48 315392]
      Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-05-26 14:17:36 528384]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 17:15:56 65588]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
      "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{E180F496-8A4B-44E2-9FE0-0364E345DB7F}"= C:\WINDOWS\system32\urqrqol.dll [ ]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ftokseke]
      ftokseke.dll 2008-02-08 14:18 163904 C:\WINDOWS\system32\ftokseke.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrqol]
      urqrqol.dll

      R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-09-20 11:53]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{443f521e-4f3b-11dc-bd3c-000e50700afc}]
      \Shell\Auto\command - L:\activexdebugger32.exe f
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
      \Shell\explore\Command - L:\activexdebugger32.exe f
      \Shell\open\Command - L:\activexdebugger32.exe f

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-01-31 18:57:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-02-08 02:30:01 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
      - C:\Program Files\RegistrySmart\RegistrySmart .ex
      - C:\Program Files\RegistrySmart
      "2008-02-01 17:30:00 C:\WINDOWS\Tasks\Scannen op virussen via McAfee.com - Mijn computer (VIDTS-PC).job"
      - c:\program files\mcafee.com\vso\mcmnhdlr.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-08 14:21:37
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Geladen Onder Lopende Processen ---------------------

      PROCESS: C:\WINDOWS\system32\winlogon.exe
      -> C:\WINDOWS\system32\ftokseke.dll

      PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
      -> C:\WINDOWS\system32\ftokseke.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      c:\program files\mcafee.com\agent\mcdetect.exe
      c:\PROGRA~1\mcafee.com\vso\mcshield.exe
      c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      C:\WINDOWS\ehome\mcrdsvc.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
      C:\Program Files\iPod\bin\iPodService.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-02-08 14:26:35 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-02-08 13:26:28
      ComboFix2.txt 2008-01-26 20:26:22
      .
      2008-01-16 22:44:51 --- E O F ---


      • #4
        I do have about two nasty, untrustworthy little icons from storageprotector.com (which I am certainly not going to click on).


        • #5
          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 14:45:48, on 8/02/2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\LEXBCES.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\system32\LEXPPS.EXE
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\WINDOWS\system32\CTsvcCDA.EXE
          C:\WINDOWS\eHome\ehRecvr.exe
          C:\WINDOWS\eHome\ehSched.exe
          c:\program files\mcafee.com\agent\mcdetect.exe
          c:\PROGRA~1\mcafee.com\vso\mcshield.exe
          c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
          C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
          C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\dllhost.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\WINDOWS\CTHELPER.EXE
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\Logitech\SetPoint\SetPoint.exe
          C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
          C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ftokseke.dll
          O2 - BHO: (no name) - {B59EED0E-8FF6-4D85-9D80-B88E5278FDFB} - C:\Program Files\Movie Maker\xabuha89104.dll
          O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
          O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
          O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
          O3 - Toolbar: FearFM Toolbar - {bab31fc4-cb97-46f4-9565-26d65225cc2c} - C:\Program Files\FearFM\tbFear.dll
          O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
          O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
          O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
          O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
          O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
          O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
          O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
          O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
          O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
          O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
          O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
          O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
          O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
          O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE
          O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
          O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
          O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
          O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
          O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
          O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
          O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
          O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
          O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
          O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
          O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKCU\..\Run: [CSIM] C:\PROGRA~1\CSIM\aim.exe -cnetwait.odl
          O4 - HKCU\..\Run: [Urnc] "C:\PROGRA~1\COMMON~1\PPATCH~1\dvdplay.exe" -vt yazb
          O4 - HKCU\..\Run: [Iwxst] "C:\Program Files\??crosoft.NET\??ool32.exe"
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Startup: Mediacontrole Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
          O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
          O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
          O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
          O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
          O8 - Extra context menu item: Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
          O8 - Extra context menu item: Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
          O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
          O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
          O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
          O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://0-mariekn-0.spaces.msn.com//PhotoUpload/MsnPUpld.cab
          O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.payrolling.randstad.be/msrdp.cab
          O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-d8eb1be671edb078.spaces.live.com/PhotoUpload/MsnPUpld.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{F473ABDB-E89F-4BCC-9E69-EC715ECEBC44}: NameServer = 195.238.2.21 195.238.2.22
          O20 - Winlogon Notify: ftokseke - C:\WINDOWS\SYSTEM32\ftokseke.dll
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
          O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
          O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
          O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
          O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
          O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
          O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
          O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

          --
          End of file - 11065 bytes



          • #6
            Open the RVAXO folder on your desktop and double-click Uninstall.cmd.
            This will remove everything belonging to RVAXO.

            Open Notepad, then copy and paste the following (the text in bold) into an empty window:



            File::
            C:\WINDOWS\system32\ftokseke.dllbox
            C:\WINDOWS\system32\FreePokerBonus.ico
            C:\WINDOWS\system32\ftokseke.dll
            C:\Program Files\Movie Maker\xabuha89104.dll

            Folder::
            C:\temp\isgTi19

            Registry::
            [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A7D7FDF-E68C-496A-9E96-2284F70AFDB0}]
            [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
            [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B59EED0E-8FF6-4D85-9D80-B88E5278FDFB}]
            [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}]
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Urnc"=-
            "Iwxst"=-
            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
            "{E180F496-8A4B-44E2-9FE0-0364E345DB7F}"=-
            [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ftokseke]
            [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrqol]
            [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{443f521e-4f3b-11dc-bd3c-000e50700afc}]




            Save this to your Desktop as CFScript.txt

            Drag CFScript.txt onto ComboFix.exe as shown in the example below:



            This will make ComboFix restart.
            Reboot if you are asked to,
            and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
            Last edited by smeenk; 08-02-08, 15:26.

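The follow-up check that post #6 asks for (comparing the new HijackThis log against the script), as an added example that is not part of the original thread: it parses an excerpt of the CFScript and reports whether each targeted file, key or Run value still shows up in the later log. The function names and the mapping from script targets to HijackThis text are assumptions of this example; the script and log lines are copied from this page.

```python
import re

# Excerpt of the CFScript from post #6 (copied from the page).
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\ftokseke.dllbox
C:\WINDOWS\system32\ftokseke.dll
C:\Program Files\Movie Maker\xabuha89104.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A7D7FDF-E68C-496A-9E96-2284F70AFDB0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Urnc"=-
"Iwxst"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ftokseke]
"""

# HijackThis entries copied from the log taken before the fix ...
BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ftokseke.dll
O2 - BHO: (no name) - {B59EED0E-8FF6-4D85-9D80-B88E5278FDFB} - C:\Program Files\Movie Maker\xabuha89104.dll
O4 - HKCU\..\Run: [CSIM] C:\PROGRA~1\CSIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Urnc] "C:\PROGRA~1\COMMON~1\PPATCH~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [Iwxst] "C:\Program Files\??crosoft.NET\??ool32.exe"
O20 - Winlogon Notify: ftokseke - C:\WINDOWS\SYSTEM32\ftokseke.dll
"""

# ... and from the log in post #9, taken after ComboFix ran the script.
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [CSIM] C:\PROGRA~1\CSIM\aim.exe -cnetwait.odl
"""

ENTRY = re.compile(r"^(?:R\d|F\d|O\d+) - ")  # HijackThis section prefixes


def parse_cfscript(text):
    """Return (label, needle) pairs; the needle is the text a HijackThis
    line would contain if the scripted target were still registered."""
    targets, section, key = [], None, ""
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        head = re.fullmatch(r"(\w+)::", line)
        if head:
            section = head.group(1).lower()
        elif section in ("file", "folder"):
            targets.append((line, line))
        elif section == "registry" and line.startswith("["):
            delete = line.startswith("[-")
            key = line[2:-1] if delete else line[1:-1]
            if delete:
                leaf = key.rsplit("\\", 1)[-1]  # CLSID for the BHO keys
                if "\\notify\\" in key.lower():
                    leaf = "Winlogon Notify: " + leaf
                targets.append((key, leaf))
        elif section == "registry":
            value = re.fullmatch(r'"(.+)"=-', line)  # "name"=- deletes a value
            if value and key.lower().endswith("\\run"):
                name = value.group(1)
                targets.append((key + "\\" + name, "Run: [%s]" % name))
    return targets


def entries(log):
    """Keep only the R/F/O entry lines of a HijackThis log."""
    return [l.strip() for l in log.splitlines() if ENTRY.match(l.strip())]


def contains(lines, needle):
    return any(needle.lower() in l.lower() for l in lines)


def verify(script, before, after):
    """Map each scripted target to 'removed', 'still present' or 'not in log'."""
    old, new = entries(before), entries(after)
    result = {}
    for label, needle in parse_cfscript(script):
        if contains(new, needle):
            result[label] = "still present"
        else:
            result[label] = "removed" if contains(old, needle) else "not in log"
    return result


def unexplained(script, before, after):
    """Entries that vanished between the logs without matching a scripted target."""
    needles = [n.lower() for _, n in parse_cfscript(script)]
    new = entries(after)
    gone = [l for l in entries(before) if l not in new]
    return [l for l in gone if not any(n in l.lower() for n in needles)]


if __name__ == "__main__":
    for label, status in verify(CFSCRIPT, BEFORE, AFTER).items():
        print("%-14s %s" % (status, label))
    print("unexplained removals:", unexplained(CFSCRIPT, BEFORE, AFTER))
```

A target reported as "not in log" never appeared in HijackThis output at all, so its removal has to be confirmed from the deletion list in ComboFix.txt instead.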


            • #7
              the uninstalling works

              but when I insert the script

              I get the message: cannot find c:/ windows/system32/kmd.exe



              • #8
                it worked after all

                ComboFix 08-02.05.3 - PC 2008-02-08 15:37:16.11 - NTFSx86
                Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.564 [GMT 1:00]
                Gestart vanuit: C:\Documents and Settings\PC\Bureaublad\ComboFix.exe
                Command switches used :: C:\Documents and Settings\PC\Bureaublad\CFScript.txt
                * Nieuw herstelpunt werd aangemaakt

                WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

                FILE
                C:\Program Files\Movie Maker\xabuha89104.dll
                C:\WINDOWS\system32\FreePokerBonus.ico
                C:\WINDOWS\system32\ftokseke.dll
                C:\WINDOWS\system32\ftokseke.dllbox
                .

                (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                C:\Program Files\Movie Maker\xabuha89104.dll
                C:\temp\isgTi19
                C:\temp\isgTi19\lPig.log
                C:\WINDOWS\system32\FreePokerBonus.ico
                C:\WINDOWS\system32\ftokseke.dllbox
                C:\WINDOWS\system32\windows

                .
                (((((((((((((((((((( Bestanden Gemaakt van 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))
                .

                2008-02-08 14:05 . 2004-09-02 13:00 399,360 --a------ C:\kmd.exe
                2008-01-27 10:40 . 2008-02-08 15:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
                2008-01-27 10:40 . 2008-01-27 10:40 1,409 --a------ C:\WINDOWS\QTFont.for
                2008-01-22 20:23 . 2008-01-22 20:23 <DIR> d-------- C:\Program Files\IrfanView
                2008-01-19 21:58 . 2008-01-19 21:58 <DIR> d-------- C:\Program Files\Trend Micro
                2008-01-18 20:22 . 2008-01-18 20:26 <DIR> d-------- C:\Documents and Settings\PC\Application Data\RegistrySmart
                2008-01-18 20:21 . 2008-01-20 22:28 <DIR> d-------- C:\Program Files\RegistrySmart
                2008-01-17 00:04 . 2008-01-17 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

                .
                ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2008-02-08 14:27 --------- d-----w C:\Documents and Settings\PC\Application Data\Free Download Manager
                2008-02-08 10:21 --------- d-----w C:\Program Files\TrackMania Nations ESWC
                2008-02-08 03:07 --------- d-----w C:\Program Files\mIRC
                2008-02-08 02:24 --------- d-----w C:\Program Files\DC++
                2008-02-03 18:41 --------- d-----w C:\Documents and Settings\PC\Application Data\Azureus
                2008-01-27 09:40 --------- d-----w C:\Program Files\iTunes
                2008-01-22 18:53 --------- d-----w C:\Program Files\Sonic
                2008-01-20 20:33 --------- d-----w C:\Program Files\QuickTime
                2008-01-18 19:34 --------- d-----w C:\Program Files\Free Download Manager
                2008-01-18 19:10 --------- d-----w C:\Program Files\Lavasoft
                2008-01-18 19:10 --------- d-----w C:\Documents and Settings\PC\Application Data\Lavasoft
                2008-01-16 22:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
                2008-01-08 03:08 --------- d-----w C:\Program Files\Championship Manager 5
                2007-12-28 12:30 --------- d-----w C:\Program Files\FlashGet
                2007-12-24 17:28 --------- d-----w C:\Program Files\Azureus
                2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
                2007-11-14 07:29 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
                2006-10-15 00:46 2,958,430 ----a-w C:\Program Files\fg173tw.exe
                2006-10-01 13:00 36,656,704 ----a-w C:\Program Files\iTunesSetup(3).exe
                2006-09-30 22:06 7,560,680 ----a-w C:\Program Files\ubsetup.exe
                2006-09-23 23:49 19,666,504 ----a-w C:\Program Files\QuickTimeInstaller.exe
                2006-09-23 11:54 36,636,224 ----a-w C:\Program Files\iTunesSetup(2).exe
                2006-09-20 20:00 2,519,716 ----a-w C:\Program Files\eMulePlus-1.2.Installer.exe
                2006-07-13 22:35 2,337,576 ----a-w C:\Program Files\csim95nl.exe
                2006-07-12 22:19 15,300,392 ----a-w C:\Program Files\Install_Messenger.exe
                2006-07-08 09:31 11,817,800 ----a-w C:\Program Files\GoogleEarth.exe
                2006-07-01 14:28 695,448 ----a-w C:\Program Files\FearFM.exe
                2006-05-07 23:33 12,789,248 ----a-w C:\Program Files\MP10Setup(2).exe
                2006-04-21 18:58 278,695,200 ----a-w C:\Program Files\TmNationsESWC_Setup.exe
                2006-03-25 00:02 5,196,825 ----a-w C:\Program Files\Qtracker411.exe
                2005-09-27 12:02 125,440 ----a-w C:\Program Files\Office2003_SP2Changes.xls
                .

                ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                REGEDIT4
                *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "CSIM"="C:\PROGRA~1\CSIM\aim.exe" [ ]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [ ]
                "CTHelper"="CTHELPER.EXE" [2005-09-20 12:08 16384 C:\WINDOWS\CTHELPER.EXE]
                "CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 06:07 19968 C:\WINDOWS\system32\CTXFIHLP.EXE]
                "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
                "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-18 20:15 344064]
                "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [ ]
                "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [ ]
                "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [ ]
                "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [ ]
                "CTXFIREG"="CTxfiReg.exe"
                "UpdReg"="C:\WINDOWS\UpdReg.EXE" [ ]
                "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [ ]
                "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
                "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE" [ ]
                "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]
                "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
                "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
                "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [ ]
                "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [ ]
                "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [ ]
                "tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [ ]
                "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [ ]
                "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 22:25 28160 C:\WINDOWS\KHALMNPR.Exe]
                "VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [ ]
                "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
                "QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
                "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]

                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 13:00 15360]

                C:\Documents and Settings\PC\Menu Start\Programma's\Opstarten\
                Mediacontrole Cyber-shot Viewer.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-07-27 17:16:59 155648]

                C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
                dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2006-01-19 14:02:48 315392]
                Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-05-26 14:17:36 528384]
                Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 17:15:56 65588]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
                "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

                R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-09-20 11:53]

                .
                Inhoud van de 'Gedeelde Taken' map
                "2008-01-31 18:57:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                "2008-02-08 02:30:01 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
                - C:\Program Files\RegistrySmart\RegistrySmart .ex
                - C:\Program Files\RegistrySmart
                "2008-02-01 17:30:00 C:\WINDOWS\Tasks\Scannen op virussen via McAfee.com - Mijn computer (VIDTS-PC).job"
                - c:\program files\mcafee.com\vso\mcmnhdlr.exe
                .
                **************************************************************************

                catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2008-02-08 15:40:14
                Windows 5.1.2600 Service Pack 2 NTFS

                scannen van verborgen processen ...

                scannen van verborgen autostart items ...

                scannen van verborgen bestanden ...

                Scan succesvol afgerond
                verborgen bestanden: 0

                **************************************************************************
                .
                Voltooingstijd: 2008-02-08 15:40:46
                ComboFix-quarantined-files.txt 2008-02-08 14:40:44
                ComboFix2.txt 2008-02-08 13:26:35
                ComboFix3.txt 2008-01-26 20:26:22
                .
                2008-01-16 22:44:51 --- E O F ---



                • #9
                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 15:42:25, on 8/02/2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\WINDOWS\system32\LEXBCES.EXE
                  C:\WINDOWS\system32\LEXPPS.EXE
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  C:\WINDOWS\system32\CTsvcCDA.EXE
                  C:\WINDOWS\eHome\ehRecvr.exe
                  C:\WINDOWS\eHome\ehSched.exe
                  c:\program files\mcafee.com\agent\mcdetect.exe
                  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                  C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
                  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\CTHELPER.EXE
                  C:\Program Files\iTunes\iTunesHelper.exe
                  C:\Program Files\Logitech\SetPoint\SetPoint.exe
                  C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
                  C:\WINDOWS\system32\dllhost.exe
                  C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
                  C:\Program Files\iPod\bin\iPodService.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\WINDOWS\explorer.exe
                  C:\WINDOWS\system32\notepad.exe
                  C:\Program Files\Mozilla Firefox\firefox.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                  O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
                  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
                  O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
                  O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
                  O3 - Toolbar: FearFM Toolbar - {bab31fc4-cb97-46f4-9565-26d65225cc2c} - C:\Program Files\FearFM\tbFear.dll
                  O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
                  O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
                  O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
                  O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
                  O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
                  O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
                  O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
                  O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
                  O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
                  O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
                  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
                  O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
                  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                  O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE
                  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                  O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                  O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
                  O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
                  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
                  O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
                  O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
                  O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
                  O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
                  O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
                  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                  O4 - HKCU\..\Run: [CSIM] C:\PROGRA~1\CSIM\aim.exe -cnetwait.odl
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                  O4 - Startup: Mediacontrole Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
                  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                  O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
                  O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
                  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                  O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
                  O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
                  O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
                  O8 - Extra context menu item: Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
                  O8 - Extra context menu item: Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
                  O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
                  O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
                  O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
                  O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://0-mariekn-0.spaces.msn.com//PhotoUpload/MsnPUpld.cab
                  O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.payrolling.randstad.be/msrdp.cab
                  O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-d8eb1be671edb078.spaces.live.com/PhotoUpload/MsnPUpld.cab
                  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                  O17 - HKLM\System\CCS\Services\Tcpip\..\{F473ABDB-E89F-4BCC-9E69-EC715ECEBC44}: NameServer = 195.238.2.21 195.238.2.22
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                  O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                  O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                  O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
                  O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
                  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
                  O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
                  O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

                  --
                  End of file - 10673 bytes



                  • #10
                    Your Java software is out of date.
                    Older versions have vulnerabilities that give malware the chance to install itself on your system.
                    First follow these steps to uninstall Java and install the newer version:
                    • Download Java Runtime Environment (JRE) 6u4 and save it to your Desktop.
                    • Close any programs that may be open - especially your web browser!
                    • Then go to Start > Configuratiescherm (Control Panel) > Software (Add or Remove Programs) and remove all older versions of Java from the software list.
                    • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
                    • Then click Remove or the Change/Remove button.
                    • Repeat this until all older versions are gone.
                    • After removing all older versions, restart your PC.
                    • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the newest version of Java.


                    Download ATF cleaner (mirror) (made by Atribune)

                    Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                    Double-click ATF cleaner to start the program.
                    On the "Main" tab, tick Select All.
                    Click the Empty Selected button.

                    Do the following if you also use Firefox as a browser:
                    Click the "Firefox" tab and tick Select All.
                    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                    (this removes the tick from "Firefox saved passwords" again)
                    Click the Empty Selected button.

                    Do the following if you also use Opera as a browser:
                    Click the "Opera" tab and tick Select All.
                    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                    Click the Empty Selected button.
                    Go to the "Main" tab and click the Exit button to close the program.

                    Go to Start - Uitvoeren (Run) and enter the following:
                    Combofix /U
                    Then press OK.
                    Note: there must be a space between Combofix and /U.

                    This will uninstall Combofix.

                    Turn off System Restore. Restart the computer. Turn System Restore back on.
                    See here how to turn off System Restore.
                    This removes any remnants of the infections from your System Restore.

                    Finally, post a new HijackThis log so it can be checked.



                    • #11
                      Did everything as you asked

                      and it all looks nice and clean

                      Do you need some other log, or can I consider this solved?



                      • #12
                        Please post one more fresh HijackThis log



                        • #13
                          Logfile of Trend Micro HijackThis v2.0.2
                          Scan saved at 16:26:37, on 8/02/2008
                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                          Boot mode: Normal

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\Ati2evxx.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          C:\WINDOWS\Explorer.EXE
                          C:\WINDOWS\system32\LEXBCES.EXE
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\WINDOWS\system32\LEXPPS.EXE
                          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                          C:\WINDOWS\system32\CTsvcCDA.EXE
                          C:\WINDOWS\eHome\ehRecvr.exe
                          C:\WINDOWS\eHome\ehSched.exe
                          c:\program files\mcafee.com\agent\mcdetect.exe
                          c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                          c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                          C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
                          C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\CTHELPER.EXE
                          C:\Program Files\iTunes\iTunesHelper.exe
                          C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
                          C:\Program Files\Logitech\SetPoint\SetPoint.exe
                          C:\WINDOWS\system32\dllhost.exe
                          C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
                          C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
                          C:\Program Files\iPod\bin\iPodService.exe
                          C:\WINDOWS\system32\wuauclt.exe
                          C:\Program Files\Mozilla Firefox\firefox.exe
                          c:\progra~1\azureus\Azureus.exe
                          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                          O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
                          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                          O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
                          O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
                          O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
                          O3 - Toolbar: FearFM Toolbar - {bab31fc4-cb97-46f4-9565-26d65225cc2c} - C:\Program Files\FearFM\tbFear.dll
                          O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
                          O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
                          O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
                          O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
                          O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
                          O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
                          O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
                          O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
                          O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
                          O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
                          O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
                          O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
                          O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                          O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE
                          O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                          O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                          O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                          O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
                          O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
                          O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
                          O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
                          O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
                          O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
                          O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
                          O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
                          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
                          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
                          O4 - HKCU\..\Run: [CSIM] C:\PROGRA~1\CSIM\aim.exe -cnetwait.odl
                          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                          O4 - Startup: Mediacontrole Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
                          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                          O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
                          O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
                          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                          O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
                          O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
                          O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
                          O8 - Extra context menu item: Ontvang alles met FlashGet - C:\Program Files\FlashGet\jc_all.htm
                          O8 - Extra context menu item: Ontvang met FlashGet - C:\Program Files\FlashGet\jc_link.htm
                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                          O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
                          O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
                          O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
                          O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
                          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://0-mariekn-0.spaces.msn.com//PhotoUpload/MsnPUpld.cab
                          O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.payrolling.randstad.be/msrdp.cab
                          O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-d8eb1be671edb078.spaces.live.com/PhotoUpload/MsnPUpld.cab
                          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                          O17 - HKLM\System\CCS\Services\Tcpip\..\{F473ABDB-E89F-4BCC-9E69-EC715ECEBC44}: NameServer = 195.238.2.21 195.238.2.22
                          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                          O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
                          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                          O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                          O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
                          O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                          O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                          O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
                          O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
                          O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
                          O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

                          --
                          End of file - 10823 bytes



                          • #14
                            The log looks fine again

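An added example, not part of the thread or of HijackThis: a Python script that parses HijackThis entry lines and compares the log posted before the Java update with the one posted after it, checking that no entry still points at a runtime older than the JRE 6u4 named in post #10. The function names and the minimum-version tuple are assumptions of this example; the sample lines are excerpts copied from the two logs above, so the added/removed lists reflect only those excerpts.

```python
import re

# Excerpts from the two HijackThis logs in this thread (not the complete logs).
LOG_BEFORE = r"""
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F473ABDB-E89F-4BCC-9E69-EC715ECEBC44}: NameServer = 195.238.2.21 195.238.2.22
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F473ABDB-E89F-4BCC-9E69-EC715ECEBC44}: NameServer = 195.238.2.21 195.238.2.22
"""

# Assumption of this example: the floor is JRE 6u4 (directory jre1.6.0_04), per post #10.
MINIMUM_JAVA = (1, 6, 0, 4)

# Entry lines start with a section code such as R0, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Sun runtime directories look like \Java\j2re1.4.2_03\ or \Java\jre1.6.0_04\.
JAVA_RE = re.compile(r"\\Java\\(?:j2re|jre)(\d+)\.(\d+)\.(\d+)_(\d+)\\", re.IGNORECASE)


def parse_entries(log_text):
    """Return [(section, detail)]; header and running-process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def java_versions(entries):
    """Map each Java runtime version found in an entry to the sections referencing it."""
    found = {}
    for section, detail in entries:
        for match in JAVA_RE.finditer(detail):
            version = tuple(int(part) for part in match.groups())
            found.setdefault(version, set()).add(section)
    return found


def compare_logs(before_text, after_text, minimum):
    """Diff two logs and list runtimes in the newer log that are below the minimum."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    after_java = java_versions(after)
    return {
        "removed": [entry for entry in before if entry not in after],
        "added": [entry for entry in after if entry not in before],
        "java_before": sorted(java_versions(before)),
        "java_after": sorted(after_java),
        "stale_java": sorted(v for v in after_java if v < minimum),
    }


if __name__ == "__main__":
    report = compare_logs(LOG_BEFORE, LOG_AFTER, MINIMUM_JAVA)
    for key, value in report.items():
        print(key, "->", value)
```

An empty `stale_java` list means no entry in the newer log references a runtime below the chosen minimum; entries listed under `added` still need the same manual review as any other new autostart or browser add-on.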


                            • #15
                              Originally posted by smeenk
                              The log looks fine again
                              thank you

