Mededeling

Collapse
No announcement yet.

Malware

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    Malware

    Computer is sinds enkele dagen erg traag.
    De startpagina werd gewijzigd.
    Ik vrees dat ik een beestje heb opgescharreld.

    Kan iemand hier eens naar kijken aub?

    Logfile of HijackThis v1.99.1
    Scan saved at 20:50:32, on 8/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\DitExp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\bearflix.exe" /pause
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
    O4 - HKLM\..\Run: [NI.UGA6PM_0001_N122M1202] "c:\documents and settings\beneden\application data\install_nl[1].exe"
    O4 - HKLM\..\Run: [NI.UGES_0001_N122M2602] "C:\Documents and Settings\beneden\Bureaublad\setup_en.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159042402171
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159044527734
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://apollo17.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: apdqnxp - {480F1330-872E-4CB5-9E76-8C8B818ACDAE} - (no file)
    O21 - SSODL: btrklfr - {BF9C3E28-D62E-4318-80BC-B3B649BF127B} - (no file)
    O21 - SSODL: RamDrive - {1b04b175-061c-4ccf-b700-b6e90d152b3b} - C:\WINDOWS\Installer\{1b04b175-061c-4ccf-b700-b6e90d152b3b}\RamDrive.dll
    O21 - SSODL: zip - {ae7c7a06-0740-45d1-976b-c41b1f5a2dc3} - C:\WINDOWS\Installer\{ae7c7a06-0740-45d1-976b-c41b1f5a2dc3}\zip.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    Labels: Geen
    • Citaat
  • #2
    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.
    Download Deckard's System Scanner naar je Bureaublad.
    • Sluit alle toepassingen en vensters.
    • Dubbelklik op dss.exe om het te activeren, en volg de aanwijzingen.
    • Wanneer de scan volledig is, zal een tekstbestand - main.txt - openen.
    • Kopiëer (Ctrl+A gevolgd door Ctrl+C) en plak (Ctrl+V) de inhoud van main.txt in je volgende antwoord.

    Opmerking: Sommige firewalls kunnen waarschuwen dat sigcheck.exe probeert verbinding te maken met het internet
    - zorg dat sigcheck.exe toestemming krijgt om dit te doen !
    Tevens kan het gebeuren dat je Antivirus DSS als verdacht aangeeft, of zelfs probeert te verwijderen.
    Laat je Antivirus dit niet verwijderen ! (In dit geval is het misschien beter om tijdens de scan van DSS je Antivirus even uit te schakelen)
    • Citaat

    Comment

    • #3
      ---RVAXO.exe Updated: 2008-03-08---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\fqspogw.exe
      C:\WINDOWS\system32\actskn45.ocx
      C:\Documents and Settings\beneden\Bureau~1\Error Cleaner.url
      C:\Documents and Settings\beneden\Bureau~1\Spyware&Malware Protection.url
      C:\Documents and Settings\beneden\Bureau~1\Privacy Protector.url
      C:\Documents and Settings\beneden\FAVORI~1\Error Cleaner.url
      C:\Documents and Settings\beneden\FAVORI~1\Privacy Protector.url
      C:\Documents and Settings\beneden\FAVORI~1\Spyware&Malware Protection.url

      Folders Found:
      C:\Program Files\AntiVirusScherm

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------

      Deckard's System Scanner v20071014.68
      Run by beneden on 2008-03-08 21:20:55
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      87: 2008-03-08 20:21:07 UTC - RP653 - Deckard's System Scanner Restore Point
      86: 2008-03-08 19:45:55 UTC - RP652 - Installed Sygate Personal Firewall
      85: 2008-03-06 20:10:36 UTC - RP651 - ComboFix created restore point
      84: 2008-03-06 05:45:49 UTC - RP650 - Controlepunt van systeem
      83: 2008-03-04 11:29:30 UTC - RP649 - Controlepunt van systeem


      -- First Restore Point --
      1: 2007-12-08 07:28:14 UTC - RP567 - Controlepunt van systeem


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as beneden.exe) ---------------------------------------------

      Unable to find log (file not found); running clone.
      -- HijackThis Clone ------------------------------------------------------------


      Emulating logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 2008-03-08 21:22:44
      Platform: Windows XP Service Pack 2 (5.01.2600)
      MSIE: Internet Explorer (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\system32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Sygate\SPF\Smc.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\ati2evxx.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      C:\Program Files\Network Associates\VirusScan\mcshield.exe
      C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\htpatch.exe
      C:\WINDOWS\Dit.exe
      C:\Program Files\Network Associates\VirusScan\shstat.exe
      C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
      C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\DitExp.exe
      C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Documents and Settings\beneden\Bureaublad\dss.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/backup%20gsc%20279361/Mijn%20documenten/sus.html
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
      O4 - HKLM\..\Run: [Dit] Dit.exe
      O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\bearflix.exe" /pause
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [NI.UGA6PM_0001_N122M1202] "c:\documents and settings\beneden\application data\install_nl[1].exe"
      O4 - HKLM\..\Run: [NI.UGES_0001_N122M2602] "C:\Documents and Settings\beneden\Bureaublad\setup_en.exe"
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
      O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159042402171
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159044527734
      O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://apollo17.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
      O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37671.2196180556
      O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {E2739AFF-FA40-4527-9A19-DE81795C2C03} (MSN Money Ticker) - http://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/ticker.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
      O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
      O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
      O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
      O21 - SSODL: RamDrive - {1b04b175-061c-4ccf-b700-b6e90d152b3b} - C:\WINDOWS\Installer\{1b04b175-061c-4ccf-b700-b6e90d152b3b}\RamDrive.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
      O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
      O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
      O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe


      --
      End of file - 11001 bytes

      -- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

      backup-20070907-214159-900 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      backup-20070907-214237-481 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      backup-20070907-214358-408 O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
      backup-20070907-214359-131 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
      backup-20070907-214359-513 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
      backup-20070907-214359-522 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      backup-20070907-214532-305 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      backup-20070907-214532-659 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spacekwak.spaces.live.com//PhotoUpload/MsnPUpld.cab
      backup-20070907-214533-313 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://apollo17.spaces.live.com/PhotoUpload/MsnPUpld.cab
      backup-20070907-214533-406 O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
      backup-20070907-214533-447 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      backup-20070907-214533-868 O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      backup-20070907-214534-171 O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
      backup-20080308-200451-579 O3 - Toolbar: enlfxgw - {6F935236-97C7-42A0-AD79-AD299EB60E83} - C:\WINDOWS\enlfxgw.dll (file missing)

      -- File Associations -----------------------------------------------------------

      All associations okay.


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
      R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
      R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
      R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
      R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
      R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
      R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

      S3 PRISM_A02 (802.11g Wireless USB dongle) - c:\windows\system32\drivers\prisma02.sys <Not Verified; Conexant Systems, Inc.; PRISM 802.11 Wireless LAN>


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
      R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>

      S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


      -- Device Manager: Disabled ----------------------------------------------------

      No disabled devices found.


      -- Files created between 2008-02-08 and 2008-03-08 -----------------------------

      2008-03-08 21:18:42 0 d-------- C:\RVAXO
      2008-03-08 21:18:39 16384 --a------ C:\WINDOWS\system32\Restart.exe <Not Verified; WareSoft Software; restart>
      2008-03-08 21:16:46 0 dr------- C:\Documents and Settings\NetworkService\Favorieten
      2008-03-08 21:12:18 728462 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-03-08 21:12:18 69632 --a------ C:\WINDOWS\system32\remove.exe
      2008-03-08 21:02:22 0 dr-h----- C:\Documents and Settings\beneden\Onlangs geopend
      2008-03-08 20:46:16 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
      2008-03-08 20:46:16 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
      2008-03-08 20:45:57 0 d-------- C:\Program Files\Sygate
      2008-03-06 21:18:57 0 d-------- C:\Documents and Settings\beneden\Application Data\Grisoft
      2008-03-06 21:18:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-03-06 21:10:18 68096 --a------ C:\WINDOWS\system32\zip.exe
      2008-03-06 21:10:18 98816 --a------ C:\WINDOWS\system32\sed.exe
      2008-03-06 21:10:18 80412 --a------ C:\WINDOWS\system32\grep.exe
      2008-03-06 21:10:18 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
      2008-03-06 20:49:23 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
      2008-03-06 19:20:44 0 dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
      2008-03-06 19:15:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
      2008-03-06 19:04:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
      2008-03-06 14:50:48 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-03-01 11:57:41 0 d-------- C:\Program Files\Real
      2008-03-01 11:57:26 0 d-------- C:\Documents and Settings\beneden\Application Data\Real
      2008-03-01 11:51:23 0 d-------- C:\Documents and Settings\beneden\Application Data\Winamp
      2008-02-26 21:55:33 0 d-------- C:\Program Files\Windows Live
      2008-02-26 20:38:38 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
      2008-02-26 20:38:02 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller


      -- Find3M Report ---------------------------------------------------------------

      2008-03-08 20:45:36 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-03-07 22:17:45 0 d-------- C:\Program Files\IQwhslite
      2008-03-06 19:16:27 0 d-------- C:\Program Files\Common Files\Real
      2008-03-06 19:16:06 0 d-------- C:\Program Files\Common Files
      2008-03-06 14:54:42 498002 --a------ C:\WINDOWS\system32\perfh013.dat
      2008-03-06 14:54:42 86908 --a------ C:\WINDOWS\system32\perfc013.dat
      2008-03-01 11:52:31 0 d-------- C:\Program Files\Winamp
      2008-02-26 21:06:07 0 d-------- C:\Documents and Settings\beneden\Application Data\PDF reDirect
      2008-02-26 21:05:52 0 d-------- C:\Program Files\Common Files\InstallShield
      2008-02-26 21:05:37 0 d--h----- C:\Program Files\InstallShield Installation Information
      2008-02-19 18:12:16 0 d-------- C:\Program Files\Common Files\Adobe


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "HTpatch"="C:\WINDOWS\htpatch.exe" [30/10/2002 17:40]
      "Dit"="Dit.exe" [28/08/2002 13:43 C:\WINDOWS\Dit.exe]
      "VOBRegCheck"="C:\WINDOWS\System32\VOBREGCheck.exe" [08/01/2003 15:55]
      "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [22/09/2004 20:00]
      "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [06/08/2004 03:50]
      "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [07/10/2003 09:48]
      "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 16:40]
      "SoundMan"="SOUNDMAN.EXE" [20/01/2003 10:48 C:\WINDOWS\SOUNDMAN.EXE]
      "PCMService"="C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe" [17/02/2003 18:35]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
      "BearFlix"="C:\Program Files\BearFlix\bearflix.exe"
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [26/09/2007 11:39]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
      "WinampAgent"="C:\Program Files\Winamp\winampa.exe"
      "NI.UGA6PM_0001_N122M1202"="c:\documents and settings\beneden\application data\install_nl[1].exe"
      "NI.UGES_0001_N122M2602"="C:\Documents and Settings\beneden\Bureaublad\setup_en.exe"
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
      "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [15/10/2004 19:40]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 09:03]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [09/10/2006 11:28]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "NoColorChoice"=0 (0x0)
      "NoSizeChoice"=0 (0x0)
      "NoDispScrSavPage"=0 (0x0)
      "NoDispCPL"=0 (0x0)
      "NoVisualStyleChoice"=0 (0x0)
      "NoDispSettingsPage"=0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoActiveDesktopChanges"=0 (0x0)

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
      "RamDrive"= {1b04b175-061c-4ccf-b700-b6e90d152b3b} - C:\WINDOWS\Installer\{1b04b175-061c-4ccf-b700-b6e90d152b3b}\RamDrive.dll [06/03/2008 07:16 18606]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
      @="Volume shadow copy"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
      C:\WINDOWS\system32\\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
      C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

      *Newly Created Service* - ENTDRV51



      -- End of Deckard's System Scanner: finished at 2008-03-08 21:23:39 ------------
      • Citaat

      Comment

      • #4
        1) Open een kladblokbestand.
        2) Kopieer onderstaande code in dit kladblokbestand.
        3) Ga naar Bestand - Opslaan als.
        -Bij "Opslaan in" kies je: Bureaublad
        -Bij "Bestandsnaam" zet je: fix.reg
        -Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
        -Klik op de knop Opslaan.
        Code:
        REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BearFlix"=-
"NI.UGA6PM_0001_N122M1202"=-
"NI.UGES_0001_N122M2602"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"RamDrive"=-
        4) Dubbelklik op de fix.reg file en laat de wijzigingen aan het register toevoegen.

        Herstart je computer en post een nieuw logje van Hijackthis ter controle
        • Citaat

        Comment

        • #5
          Hallo
          Hierbij het nieuwe logje:

          Logfile of HijackThis v1.99.1
          Scan saved at 0:01:22, on 9/03/2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16608)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Sygate\SPF\smc.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\htpatch.exe
          C:\WINDOWS\Dit.exe
          C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
          C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
          C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
          C:\WINDOWS\SOUNDMAN.EXE
          C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
          C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
          C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
          C:\WINDOWS\DitExp.exe
          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
          C:\Program Files\Network Associates\VirusScan\mcshield.exe
          C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\HijackThis\beneden.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/backup%20gsc%20279361/Mijn%20documenten/sus.html
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
          O4 - HKLM\..\Run: [Dit] Dit.exe
          O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
          O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
          O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
          O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
          O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
          O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
          O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
          O11 - Options group: [INTERNATIONAL] International*
          O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
          O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
          O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
          O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159042402171
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159044527734
          O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
          O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://apollo17.spaces.live.com/PhotoUpload/MsnPUpld.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
          O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
          O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
          O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
          O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
          O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
          O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
          O21 - SSODL: RamDrive - {1b04b175-061c-4ccf-b700-b6e90d152b3b} - C:\WINDOWS\Installer\{1b04b175-061c-4ccf-b700-b6e90d152b3b}\RamDrive.dll
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
          O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
          O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
          • Citaat

          Comment

          • #6
            Open een kladblokbestand.
            Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

            @ECHO OFF
            IF EXIST log.txt DEL log.txt
            ATTRIB -r -s -h C:\WINDOWS\Installer\{1b04b175-061c-4ccf-b700-b6e90d152b3b}\RamDrive.dll
            ren C:\WINDOWS\Installer\{1b04b175-061c-4ccf-b700-b6e90d152b3b}\RamDrive.dll RamDrive.bak
            ECHO Deleting files>>log.txt
            FOR %%g in (
            C:\WINDOWS\Installer\{ae7c7a06-0740-45d1-976b-c41b1f5a2dc3}\zip.dll
            C:\WINDOWS\Installer\{1b04b175-061c-4ccf-b700-b6e90d152b3b}\RamDrive.dll
            C:\WINDOWS\Installer\{1b04b175-061c-4ccf-b700-b6e90d152b3b}\RamDrive.bak) DO (
            IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Ga naar Bestand - Opslaan als.
            Bij "Opslaan in" kies je: Bureaublad
            Bij "Bestandsnaam" zet je: del.bat
            Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
            Klik op de knop Opslaan.

            Dubbelklik op del.bat en post de inhoud van de logfile die opent.
            • Citaat

            Comment

            • #7
              Deleting files
              C:\WINDOWS\Installer\{ae7c7a06-0740-45d1-976b-c41b1f5a2dc3}\zip.dll not found
              C:\WINDOWS\Installer\{1b04b175-061c-4ccf-b700-b6e90d152b3b}\RamDrive.dll not deleted
              C:\WINDOWS\Installer\{1b04b175-061c-4ccf-b700-b6e90d152b3b}\RamDrive.bak not found
              • Citaat

              Comment

              • #8
                Probeer del.bat eens uit te voeren in veilige modus.
                • Citaat

                Comment

                • #9
                  Deleting files
                  C:\WINDOWS\Installer\{ae7c7a06-0740-45d1-976b-c41b1f5a2dc3}\zip.dll not found
                  C:\WINDOWS\Installer\{1b04b175-061c-4ccf-b700-b6e90d152b3b}\RamDrive.dll not found
                  C:\WINDOWS\Installer\{1b04b175-061c-4ccf-b700-b6e90d152b3b}\RamDrive.bak deleted
                  • Citaat

                  Comment

                  • #10
                    Dubbelklik nu nogmaals op fix.reg die je al eerder hebt aangemaakt.

                    Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
                    Dit zal alles van RVAXO doen verwijderen.

                    Je Java software is verouderd.
                    Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
                    Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
                    • Download Java Runtime Environment (JRE) 6u5 en bewaar het naar je Bureaublad.
                    • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
                    • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
                    • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
                    • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
                    • Herhaal dit tot alle oudere versies verdwenen zijn.
                    • Na het verwijderen van alle oudere versies, herstart je pc.
                    • Dubbelklik vervolgens op jre-6u5-windows-i586-p-s.exe op je Bureaublad om de nieuwste versie van Java te installeren.


                    Download ATF cleaner (mirror)(gemaakt door Atribune)

                    Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                    Dubbelklik op ATF cleaner om het programma te starten.
                    Op het tabblad "Main", plaats je een vinkje bij Select All.
                    Klik op de knop Empty Selected.

                    Het volgende doen als je ook FireFox als browser hebt:
                    Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                    (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                    Klik op de knop Empty Selected.

                    Het volgende doen als je ook Opera als browser hebt:
                    Klik op tabblad "Opera", plaats een vinkje bij Select All.
                    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                    Klik op de knop Empty Selected.
                    Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                    Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                    Kijk hier hoe je je systeemherstel moet uitschakelen.
                    Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                    Post als laatste nog een nieuw logje van Hijackthis ter controle
                    • Citaat

                    Comment

                    • #11
                      Logfile of HijackThis v1.99.1
                      Scan saved at 1:11:36, on 9/03/2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16608)

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\Ati2evxx.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\Sygate\SPF\smc.exe
                      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      C:\WINDOWS\system32\Ati2evxx.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\WINDOWS\htpatch.exe
                      C:\WINDOWS\Dit.exe
                      C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
                      C:\WINDOWS\DitExp.exe
                      C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
                      C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
                      C:\WINDOWS\SOUNDMAN.EXE
                      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                      C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
                      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
                      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Network Associates\VirusScan\mcshield.exe
                      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
                      C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
                      C:\WINDOWS\system32\rundll32.exe
                      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
                      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\Program Files\HijackThis\beneden.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/backup%20gsc%20279361/Mijn%20documenten/sus.html
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
                      O4 - HKLM\..\Run: [Dit] Dit.exe
                      O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
                      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
                      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
                      O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
                      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                      O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
                      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
                      O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                      O11 - Options group: [INTERNATIONAL] International*
                      O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
                      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
                      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
                      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
                      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159042402171
                      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159044527734
                      O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
                      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://apollo17.spaces.live.com/PhotoUpload/MsnPUpld.cab
                      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                      O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
                      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
                      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
                      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
                      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
                      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
                      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
                      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                      O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                      O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
                      O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
                      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
                      O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
                      • Citaat

                      Comment

                      • #12
                        Logje ziet er schoon uit hoor

                        Zijn alle problemen nu ook voorbij?
                        • Citaat

                        Comment

                        • #13
                          Het ziet er inderdaad naar uit dat de problemen opgelost zijn!

                          Je bent heel erg bedankt voor de duidelijke uiteenzetting!
                          • Citaat

                          Comment

                          • #14
                            Graag gedaan hoor
                            • Citaat

                            Comment

                            Vorige template Volgende
                            Sorry, you are not authorized to view this page
                            Working...
                            X