spyware


  • spyware

    I think I have heavy spyware on my PC :s
    I (like most people) can no longer open my Task Manager, and I also keep getting 'ads' to download anti-spyware programs.

    Here is my HijackThis result:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:02:29, on 8/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users\Application Data\lchspsba\xchubwla.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Softwin\BitDefender9\bdmcon.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\Program Files\Softwin\BitDefender9\bdnagent.exe
    C:\Program Files\Softwin\BitDefender9\bdswitch.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\DOCUME~1\Admin\LOCALS~1\Temp\wupdmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\zqxinuzu.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: DVA Media - {952A0FBE-E225-450F-A518-E55805DAF6AC} - C:\WINDOWS\temlxopqwsp.dll (file missing)
    O3 - Toolbar: vnbptxlf - {9620B51A-BAB2-4FF5-8BB7-45C2C5510777} - C:\WINDOWS\vnbptxlf.dll (file missing)
    O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Time Dash Second Regs] C:\Documents and Settings\All Users\Application Data\bat glue time dash\each byte.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SchijfBewaker\strpmon.exe" dm=http://schijfbewaker.com ad=http://schijfbewaker.com sd=http://inlog.schijfbewaker.com
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [netboot] C:\DOCUME~1\Admin\LOCALS~1\Temp\wupdmgr.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [config32] C:\WINDOWS\System32\3wg.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
    O4 - HKCU\..\Run: [boob rdr] C:\DOCUME~1\Admin\APPLIC~1\FACEFR~1\Globalflaw.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [fjiaaalc] C:\WINDOWS\system32\zqxinuzu.exe
    O4 - HKLM\..\Policies\Explorer\Run: [ooyRm5y128] C:\Documents and Settings\All Users\Application Data\lchspsba\xchubwla.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Roller%20Rush/Images/stg_drm.ocx
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jakkeuh1990.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176031729091
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jakkeuh1990.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Nanny%20Mania/Images/armhelper.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: mgsvflkw - {6C99BF13-3FD8-411A-B579-C694E7189979} - C:\WINDOWS\mgsvflkw.dll
    O21 - SSODL: qdnkewfa - {6E6428BC-EBDF-4945-9802-AD07866FF5E9} - C:\WINDOWS\qdnkewfa.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 9736 bytes

  • #2
    Start HijackThis and tick only the following lines:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: DVA Media - {952A0FBE-E225-450F-A518-E55805DAF6AC} - C:\WINDOWS\temlxopqwsp.dll (file missing)
    O3 - Toolbar: vnbptxlf - {9620B51A-BAB2-4FF5-8BB7-45C2C5510777} - C:\WINDOWS\vnbptxlf.dll (file missing)
    O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
    O4 - HKLM\..\Run: [Time Dash Second Regs] C:\Documents and Settings\All Users\Application Data\bat glue time dash\each byte.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SchijfBewaker\strpmon.exe" dm=http://schijfbewaker.com ad=http://schijfbewaker.com sd=http://inlog.schijfbewaker.com
    O4 - HKLM\..\Run: [netboot] C:\DOCUME~1\Admin\LOCALS~1\Temp\wupdmgr.exe
    O4 - HKCU\..\Run: [config32] C:\WINDOWS\System32\3wg.exe
    O4 - HKCU\..\Run: [boob rdr] C:\DOCUME~1\Admin\APPLIC~1\FACEFR~1\Globalflaw.exe
    O4 - HKCU\..\Run: [fjiaaalc] C:\WINDOWS\system32\zqxinuzu.exe
    O4 - HKLM\..\Policies\Explorer\Run: [ooyRm5y128] C:\Documents and Settings\All Users\Application Data\lchspsba\xchubwla.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O21 - SSODL: mgsvflkw - {6C99BF13-3FD8-411A-B579-C694E7189979} - C:\WINDOWS\mgsvflkw.dll
    O21 - SSODL: qdnkewfa - {6E6428BC-EBDF-4945-9802-AD07866FF5E9} - C:\WINDOWS\qdnkewfa.dll

    Close all open windows (except HijackThis) and click "Fix checked" to remove the selected lines.

    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open; a few lines about files not found will scroll past quickly, this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
    • After that your PC will restart; let it start in normal mode this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.
    Post a new HijackThis log as well.

    Comment
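
Added example, not part of the original posts: a small Python triage pass over HijackThis lines excerpted from the log in the first post. The heuristics (orphaned targets, autoruns from user-writable directories, the Policies\Explorer\Run key, shell-load DLLs directly in C:\WINDOWS) and all function names are assumptions chosen for illustration; they produce leads for manual review, not verdicts, as the flagged McAfee service entry shows.

```python
import re
from dataclasses import dataclass

# Lines excerpted from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: DVA Media - {952A0FBE-E225-450F-A518-E55805DAF6AC} - C:\WINDOWS\temlxopqwsp.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [netboot] C:\DOCUME~1\Admin\LOCALS~1\Temp\wupdmgr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [ooyRm5y128] C:\Documents and Settings\All Users\Application Data\lchspsba\xchubwla.exe
O21 - SSODL: mgsvflkw - {6C99BF13-3FD8-411A-B579-C694E7189979} - C:\WINDOWS\mgsvflkw.dll
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
"""

# Reason labels (illustrative heuristics, not HijackThis output).
ORPHANED = "orphaned: target file absent"
USER_WRITABLE = "autorun from user-writable directory"
POLICY_RUN = "autorun via Policies\\Explorer\\Run"
WINDOWS_ROOT = "shell-load DLL directly in C:\\WINDOWS"

# "<section code> - <rest of the entry>", e.g. "O4 - HKLM\..\Run: [...] path"
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
# First Windows path in the entry that ends in an executable-type extension.
WINPATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|ocx|cmd|bat)", re.IGNORECASE)
# Directories a non-admin user can write to (long and 8.3 short names).
USER_WRITABLE_RE = re.compile(
    r"\\(?:temp|application data|applic~1|locals~1)\\", re.IGNORECASE
)
# A file sitting directly in the Windows directory, not in a subfolder.
WINDOWS_ROOT_RE = re.compile(r"^[A-Za-z]:\\windows\\[^\\]+$", re.IGNORECASE)


@dataclass
class Finding:
    code: str      # HijackThis section code, e.g. "O4"
    text: str      # entry text after the code
    reasons: list  # heuristic labels that fired


def reasons_for(code, text):
    """Return the heuristic labels that apply to one log entry."""
    reasons = []
    lower = text.lower()
    if "(no file)" in lower or "(file missing)" in lower:
        reasons.append(ORPHANED)
    match = WINPATH_RE.search(text)
    path = match.group(0) if match else None
    if code == "O4":
        if path and USER_WRITABLE_RE.search(path):
            reasons.append(USER_WRITABLE)
        if "\\policies\\explorer\\run" in lower:
            reasons.append(POLICY_RUN)
    if code == "O21" and path and WINDOWS_ROOT_RE.match(path):
        reasons.append(WINDOWS_ROOT)
    return reasons


def triage(log_text):
    """Parse a HijackThis log and return only the entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header lines, process list, blank lines
        code, text = entry.groups()
        reasons = reasons_for(code, text)
        if reasons:
            findings.append(Finding(code, text, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.code:4} {'; '.join(finding.reasons)}")
        print(f"     {finding.text}")
```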


    • #3
      When I put Windows in safe mode via Run -> msconfig -> boot.ini, I get a screen from the 90s: square and grey (old Windows), and I also got no internet connection in this mode ..

      Comment


      • #4
        You don't need a connection in safe mode anyway, do you?

        The only thing you have to do in safe mode is open the RVAXO folder on your desktop and double-click RunMe.cmd.
        Then wait until the window indicates that you may reboot.
        In normal mode you then post the logs.

        Comment


        • #5
          RVAXO-results:
          ---RVAXO.exe Updated: 2008-04-08---first run---
          Uninstallers:

          Files found:
          C:\WINDOWS\tasks\A2A2055C9185842C.job
          C:\WINDOWS\wininit.ini
          C:\WINDOWS\system32smp
          C:\WINDOWS\system32smp\msrc.exe
          C:\Documents and Settings\Admin\Bureau~1\Error Cleaner.url
          C:\Documents and Settings\Admin\Bureau~1\Spyware&Malware Protection.url
          C:\Documents and Settings\Admin\Bureau~1\Privacy Protector.url
          C:\Documents and Settings\Admin\FAVORI~1\Error Cleaner.url
          C:\Documents and Settings\Admin\FAVORI~1\Privacy Protector.url
          C:\Documents and Settings\Admin\FAVORI~1\Spyware&Malware Protection.url

          Folders Found:
          C:\Documents and Settings\Admin\Application Data\SchijfBewaker
          C:\Documents and Settings\All Users\Application Data\SchijfBewaker
          C:\WINDOWS\system32\UpMedia
          C:\WINDOWS\privacy_danger
          C:\Documents and Settings\All Users\Application Data\SalesMon

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------
          Not deleted items:

          --------------RVAXO.exe finished----------------





          Hijackthis:

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 19:21:29, on 8/04/2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16608)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
          C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
          C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
          C:\WINDOWS\system32\notepad.exe
          C:\Program Files\Softwin\BitDefender9\vsserv.exe
          C:\WINDOWS\system32\wscntfy.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\Program Files\Softwin\BitDefender9\bdmcon.exe
          C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
          C:\Program Files\Softwin\BitDefender9\bdnagent.exe
          C:\Program Files\Softwin\BitDefender9\bdswitch.exe
          C:\WINDOWS\system32\LVCOMSX.EXE
          C:\Program Files\Logitech\Video\LogiTray.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
          C:\Program Files\Logitech\Video\FxSvr2.exe
          C:\WINDOWS\System32\svchost.exe
          C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
          O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
          O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
          O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
          O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
          O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
          O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
          O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
          O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
          O4 - HKLM\..\Run: [netboot] C:\DOCUME~1\Admin\LOCALS~1\Temp\wupdmgr.exe
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
          O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
          O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: Bluetooth Manager.lnk = ?
          O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Roller%20Rush/Images/stg_drm.ocx
          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jakkeuh1990.spaces.live.com//PhotoUpload/MsnPUpld.cab
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176031729091
          O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jakkeuh1990.spaces.live.com/PhotoUpload/MsnPUpld.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Nanny%20Mania/Images/armhelper.ocx
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
          O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
          O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
          O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
          O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
          O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
          O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

          --
          End of file - 7887 bytes








          --> Thanks in advance, smeenk; I think the spyware is gone (it was high time to empty this trash can)

          Thank you

          Comment


          • #6
            Quite a clean-up indeed

            But there is probably still more on it:

            Download this file: zoek.exe
            Double-click it; after a while a log opens.
            Post the contents of this log in your next message

            Comment


            • #7
              ======C:\WINDOWS====
              ----a-w 0 2008-04-08 17:13:42 C:\WINDOWS\0.log
              --s-a-w 2,048 2008-04-08 17:13:04 C:\WINDOWS\bootstat.dat
              ----a-w 316,218 2008-04-01 11:16:05 C:\WINDOWS\comsetup.log
              ----a-w 63,256 2008-03-22 19:03:39 C:\WINDOWS\DPINST.LOG
              ----a-w 922,483 2008-04-01 11:16:05 C:\WINDOWS\FaxSetup.log
              ----a-w 143,498 2008-04-01 11:16:05 C:\WINDOWS\iis6.log
              ----a-w 1,355 2008-04-01 11:16:05 C:\WINDOWS\imsins.log
              ----a-w 217,088 2008-04-06 08:47:20 C:\WINDOWS\mgsvflkw.dll
              ----a-w 47,808 2008-04-01 11:16:05 C:\WINDOWS\msgsocm.log
              ----a-w 194,575 2008-04-01 11:16:05 C:\WINDOWS\ntdtcsetup.log
              ----a-w 475,849 2008-04-01 11:16:05 C:\WINDOWS\ocgen.log
              ----a-w 55,557 2008-04-01 11:16:05 C:\WINDOWS\ocmsn.log
              ----a-w 172,032 2008-04-06 08:47:18 C:\WINDOWS\qdnkewfa.dll
              ----a-w 32,296 2008-04-08 17:06:13 C:\WINDOWS\SchedLgU.Txt
              ----a-w 178,330 2008-04-01 11:16:11 C:\WINDOWS\setupact.log
              ----a-w 18,658 2008-04-01 12:08:41 C:\WINDOWS\setupapi.log
              ----a-w 1,138,828 2008-04-01 11:15:08 C:\WINDOWS\setupapi.log.0.old
              ----a-w 227 2008-04-08 17:12:02 C:\WINDOWS\system.ini
              ----a-w 0 2008-04-01 11:07:19 C:\WINDOWS\tosOBEX.INI
              ----a-w 366,693 2008-04-01 11:16:05 C:\WINDOWS\tsoc.log
              ----a-w 159 2008-04-08 17:13:21 C:\WINDOWS\wiadebug.log
              ----a-w 49 2008-04-08 17:13:21 C:\WINDOWS\wiaservc.log
              ----a-w 761 2008-04-08 17:12:02 C:\WINDOWS\win.ini
              ----a-w 1,765,609 2008-04-08 18:34:06 C:\WINDOWS\WindowsUpdate.log
              ----a-w 98 2008-04-01 11:28:49 C:\WINDOWS\WirelessFTP.INI
              ----a-w 204,872 2008-04-08 17:57:45 C:\WINDOWS\wmsetup.log

              Entries: 26 (25)
              Directories: 0 Files: 26
              Bytes: 6,318,347 Blocks: 12,354
              ======C:\WINDOWS\system32=====
              ----a-w 81,984 2008-04-08 18:43:58 C:\WINDOWS\System32\bdod.bin
              ----a-w 190,592 2008-03-24 06:25:23 C:\WINDOWS\System32\FNTCACHE.DAT
              ----a-w 34,064 2008-03-29 15:18:11 C:\WINDOWS\System32\lhacm.acm
              ----a-w 1,094 2008-03-16 19:49:14 C:\WINDOWS\System32\lvcoinst.log
              ----a-w 44,211 2008-04-08 17:17:55 C:\WINDOWS\System32\LVCOMSX.LOG
              ----a-w 40,972 2008-03-30 10:28:09 C:\WINDOWS\System32\perfc009.dat
              ----a-w 54,668 2008-03-30 10:28:09 C:\WINDOWS\System32\perfc013.dat
              ----a-w 314,644 2008-03-30 10:28:09 C:\WINDOWS\System32\perfh009.dat
              ----a-w 367,616 2008-03-30 10:28:09 C:\WINDOWS\System32\perfh013.dat
              ----a-w 784,704 2008-03-30 10:28:08 C:\WINDOWS\System32\PerfStringBackup.INI
              ----a-w 786,492 2008-04-08 16:17:40 C:\WINDOWS\System32\RVAXO.bat
              ----a-w 13,002 2008-04-08 17:14:27 C:\WINDOWS\System32\wpa.dbl
              ----a-w 106,496 2008-04-06 12:16:19 C:\WINDOWS\System32\zqxinuzu.exe

              Entries: 13 (13)
              Directories: 0 Files: 13
              Bytes: 2,820,539 Blocks: 5,516
              ======C:\WINDOWS\system32\drivers=====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =======C:\Program Files=====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =======C:=====
              --sha-r 211 2008-04-08 17:12:02 C:\boot.ini
              ----a-w 984 2008-04-08 17:09:30 C:\firstrun5.log
              --sha-w 267,964,416 2008-04-08 17:13:00 C:\hiberfil.sys
              --sha-w 471,859,200 2008-04-08 17:12:59 C:\pagefile.sys
              ----a-w 1,119 2008-04-08 17:13:35 C:\RVAXO-results.log
              ----a-w 17,532 2008-04-08 17:17:07 C:\RVAXO-Vfind.log

              Entries: 6 (3)
              Directories: 0 Files: 6
              Bytes: 739,843,462 Blocks: 1,445,009
              ======C:\Documents and Settings\Admin\Application Data======
              ----a-w 18,432 2008-04-01 15:37:11 C:\Documents and Settings\Admin\Application Data\internaldb41.dat
              ----a-w 374 2008-04-02 10:10:20 C:\Documents and Settings\Admin\Application Data\internaldb6334.dat
              ----a-w 555 2008-04-01 15:36:54 C:\Documents and Settings\Admin\Application Data\internaldb8467.dat
              ----a-w 92,672 2008-04-01 12:07:43 C:\Documents and Settings\Admin\Application Data\NMM-MetaData.db

              Entries: 4 (4)
              Directories: 0 Files: 4
              Bytes: 112,033 Blocks: 220
              ======C:\Temp======
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              ======C:\Documents and Settings\Admin======
              ----a-w 87 2008-04-08 16:13:49 C:\Documents and Settings\Admin\intlname.ols
              ---ha-w 6,553,600 2008-04-08 17:12:08 C:\Documents and Settings\Admin\NTUSER.DAT
              ---ha-w 28,672 2008-04-08 18:48:09 C:\Documents and Settings\Admin\ntuser.dat.LOG
              --sh--w 288 2008-04-08 17:12:08 C:\Documents and Settings\Admin\ntuser.ini
              ----a-w 0 2008-03-29 09:19:18 C:\Documents and Settings\Admin\temp_.txt

              Entries: 5 (2)
              Directories: 0 Files: 5
              Bytes: 6,582,647 Blocks: 12,858
              ======C:\WINDOWS\Downloaded Program Files====
              Entries: 0 (0)
              Directories: 0 Files: 0
              Bytes: 0 Blocks: 0
              =============

              Comment


              • #8
                Open a Notepad file.
                Copy the text below (everything in bold) into this Notepad file.

                @ECHO OFF
                REM Start with a fresh log in the current directory.
                IF EXIST log.txt DEL log.txt
                ECHO Deleting files>>log.txt
                REM Loop over the files and folders left behind by the infection.
                FOR %%g in (
                C:\WINDOWS\mgsvflkw.dll
                C:\WINDOWS\qdnkewfa.dll
                C:\WINDOWS\System32\firewall.exe
                "C:\Documents and Settings\All Users\Application Data\bat glue time dash"
                C:\WINDOWS\System32\3wg.exe
                C:\DOCUME~1\Admin\APPLIC~1\FACEFR~1
                C:\PROGRA~1\FACEFR~1
                C:\WINDOWS\system32\zqxinuzu.exe
                "C:\Documents and Settings\All Users\Application Data\lchspsba") DO (
                    REM Remove a leftover renamed copy from an earlier run.
                    DEL /Q %%gNUCIA
                    IF EXIST %%g (
                        REM Clear the read-only, system and hidden attributes, delete the item, and rename whatever is still there.
                        ATTRIB -r -s -h %%g
                        DEL %%g
                        REN %%g *NUCIA
                        RD /S /Q %%g
                        IF EXIST %%gNUCIA (
                            ECHO renamed to %%gNUCIA>>log.txt)
                        IF EXIST %%g (
                            ECHO %%g not deleted>>log.txt
                        ) ELSE (
                            ECHO %%g deleted>>log.txt)
                    ) ELSE (
                        ECHO %%g not found>>log.txt))
                REM Show the result.
                START NOTEPAD.EXE log.txt

                Go to File - Save As.
                For "Save in" choose: Desktop
                For "File name" enter: del.bat
                For "Save as type" select: All Files (*.*).
                Click the Save button.

                Double-click del.bat and post the contents of the log file that opens.

                Comment


                • #9
                  Deleting files
                  C:\WINDOWS\mgsvflkw.dll deleted
                  C:\WINDOWS\qdnkewfa.dll deleted
                  C:\WINDOWS\System32\firewall.exe not found
                  "C:\Documents and Settings\All Users\Application Data\bat glue time dash" deleted
                  C:\WINDOWS\System32\3wg.exe not found
                  C:\DOCUME~1\Admin\APPLIC~1\FACEFR~1 deleted
                  C:\PROGRA~1\FACEFR~1 not found
                  C:\WINDOWS\system32\zqxinuzu.exe deleted
                  "C:\Documents and Settings\All Users\Application Data\lchspsba" deleted



                  --> I'm going to sleep now, just reply here, I'll read it tomorrow.

                  Thanks again for your time



                  • #10
                    Start HijackThis and check only the following lines:
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
                    O4 - HKLM\..\Run: [netboot] C:\DOCUME~1\Admin\LOCALS~1\Temp\wupdmgr.exe

                    Close all open windows (except HijackThis) and click "Fix checked".

                    Open the RVAXO folder on your desktop and double-click Uninstall.cmd
                    This will remove everything belonging to RVAXO.

                    Your Java software is outdated.
                    Older versions have vulnerabilities that give malware the chance to install itself on your system.
                    First follow these steps to uninstall Java and install the newer version:
                    • Download Java Runtime Environment (JRE) 6u5 and save it to your Desktop.
                    • Close all programs that may be open, especially your web browser!
                    • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the software list.
                    • Check everything with Java Runtime Environment (JRE or J2SE) in the name.
                    • Then click Remove or the Change/Remove button.
                    • Repeat this until all older versions are gone.
                    • After removing all older versions, restart your PC.
                    • Then double-click jre-6u5-windows-i586-p-s.exe on your Desktop to install the newest version of Java.


                    Download ATF cleaner (mirror) (made by Atribune)

                    Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                    Double-click ATF cleaner to start the program.
                    On the "Main" tab, check Select All.
                    Click the Empty Selected button.

                    Do the following if you also use Firefox as a browser:
                    Click the "Firefox" tab and check Select All.
                    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                    (this removes the check mark next to "Firefox saved passwords" again)
                    Click the Empty Selected button.

                    Do the following if you also use Opera as a browser:
                    Click the "Opera" tab and check Select All.
                    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                    Click the Empty Selected button.
                    Go to the "Main" tab and click the Exit button to close the program.

                    Turn off System Restore. Restart the computer. Turn System Restore back on.
                    See here how to turn off System Restore.
                    This removes any remnants of the infections from System Restore.

                    Finally, post a new HijackThis log for checking.
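
One heuristic that singles out the O4 line selected in post #10, as an added example that is not part of the original thread: parse the HijackThis O4 Run entries and report those whose executable sits in a temp directory. The sample lines are copied from the logs in this thread; the function names and the temp-directory rule are assumptions of this example, not HijackThis features.

```python
import re

# Constructed sample: O4 lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [netboot] C:\DOCUME~1\Admin\LOCALS~1\Temp\wupdmgr.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
"""

# Line shape: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\(?:.*?\\)?Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Executable part of a command line: either quoted, or unquoted up to the first
# executable extension that is followed by whitespace or the end of the line.
TARGET = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|bat|cmd|scr|com))(?=\s|$)', re.I)
# A path component named Temp or Tmp; long and 8.3 short parent names both match.
TEMP_DIR = re.compile(r"\\te?mp\\", re.I)


def parse_autoruns(log_text):
    """Return (hive, value name, executable path) for every O4 Run entry."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # not an O4 registry Run line
        t = TARGET.match(m.group("cmd"))
        path = (t.group(1) or t.group(2)) if t else m.group("cmd")
        entries.append((m.group("hive"), m.group("name"), path))
    return entries


def autoruns_from_temp(log_text):
    """Autorun entries whose executable is stored in a temp directory."""
    return [e for e in parse_autoruns(log_text) if TEMP_DIR.search(e[2])]


if __name__ == "__main__":
    for hive, name, path in autoruns_from_temp(SAMPLE_LOG):
        print(f"review: {hive} Run [{name}] -> {path}")
```
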



                    • #11
                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 13:54:15, on 9/04/2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
                      C:\Program Files\Softwin\BitDefender9\bdmcon.exe
                      C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
                      C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
                      C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
                      C:\Program Files\Softwin\BitDefender9\bdnagent.exe
                      C:\Program Files\Softwin\BitDefender9\bdswitch.exe
                      C:\WINDOWS\system32\LVCOMSX.EXE
                      C:\Program Files\Logitech\Video\LogiTray.exe
                      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
                      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                      C:\Program Files\Logitech\Video\FxSvr2.exe
                      C:\Program Files\Softwin\BitDefender9\vsserv.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
                      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
                      O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
                      O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
                      O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
                      O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
                      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
                      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
                      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
                      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
                      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
                      O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
                      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
                      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                      O4 - Global Startup: Bluetooth Manager.lnk = ?
                      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Roller%20Rush/Images/stg_drm.ocx
                      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jakkeuh1990.spaces.live.com//PhotoUpload/MsnPUpld.cab
                      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176031729091
                      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jakkeuh1990.spaces.live.com/PhotoUpload/MsnPUpld.cab
                      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                      O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Nanny%20Mania/Images/armhelper.ocx
                      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
                      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
                      O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
                      O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
                      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                      O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
                      O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

                      --
                      End of file - 7702 bytes



                      • #12
                        The log looks good



                        • #13
                          OK, thanks for being willing to help me!

                          You're the best



                          • #14
                            You're welcome
