loggie

Status
Niet open voor verdere reacties.
A

astrid heijnen

Gebruiker
Lid geworden
25 feb 2004
Berichten
127
zou iemand hier eens naar willen en kunnen kijken?

Logfile of HijackThis v1.98.2
Scan saved at 13:20:53, on 10-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\Program Files\Norton AntiVirus\navapsvc.exe
I:\WINDOWS\System32\nvsvc32.exe
I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Norton AntiVirus\SAVScan.exe
I:\Program Files\Analog Devices\SoundMAX\SMTray.exe
I:\WINDOWS\System32\RUNDLL32.EXE
I:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
I:\Program Files\Messenger Plus! 3\MsgPlus.exe
I:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
I:\Program Files\Common Files\Symantec Shared\ccApp.exe
I:\WINDOWS\System32\bcmwltry.exe
I:\WINDOWS\System32\ctfmon.exe
I:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
I:\Program Files\VIA\RAID\raid_tool.exe
I:\WINDOWS\System32\wuauclt.exe
I:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
I:\WINDOWS\explorer.exe
I:\Documents and Settings\astrid\Local Settings\Temp\Tijdelijke map 6 voor hijackthis.zip\HijackThis.exe
I:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - I:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\MSDXM.OCX
O4 - HKLM\..\Run: [SSC_UserPrompt] I:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Smapp] I:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV CfgWiz] I:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [msnappau] "I:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] I:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [sais] i:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [IST Service] I:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunOnce: [AAW] "I:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: GStartup.lnk = I:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: PrecisionTime.lnk = I:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = I:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: VIA RAID TOOL.lnk = I:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://advnt01.com/dialer/olanda_ver3.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game19.zylom.lycos.nl/activex/zylomgamesplayer.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.5/Installer.exe
 
Hoi Astrid,

Je draait HijackThis vanuit een tijdelijke map. Dat is onverstandig, want zo raken de back-ups gemakkelijk zoek. Maak dus even een eigen, permanente map voor HijackThis, bijvoorbeeld I:\Program Files\HJT. Verplaats HijackThis naar die map en draai het nu dus vanuit die map.

1. Scan met HijackThis en vink de volgende items aan:
O4 - HKLM\..\Run: [sais] i:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [IST Service] I:\Program Files\ISTsvc\istsvc.exe
O4 - Global Startup: GStartup.lnk = I:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: PrecisionTime.lnk = I:\Program Files\PrecisionTime\PrecisionTime.exe

O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://advnt01.com/dialer/olanda_ver3.CAB
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
Klik om te vergroten...
Sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

2. Herstart de pc in veilige modus.
Mocht je niet weten hoe dat moet, kijk dan hier even: http://www.virushelp.nl/veilige_modus.htm

Zorg ervoor dat verborgen bestanden en mappen worden weergegeven.
Hier kun je lezen hoe dat moet: http://users.telenet.be/marcvn/spyware/1117602.htm

Verwijder nu, in veilige modus dus, de volgende mappen (als ze er nog zijn):

I:\Program Files\180solutions
I:\Program Files\ISTsvc
I:\Program Files\PrecisionTime
I:\Program Files\Common Files\GMT

3. Herstart de pc in 'normale modus'.

4. Maak een nieuw log en plaats dat hier.
 
nieuwe log

hier is mijn nieuwe log

Logfile of HijackThis v1.98.2
Scan saved at 16:03:11, on 14-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\Program Files\Norton AntiVirus\navapsvc.exe
I:\WINDOWS\System32\nvsvc32.exe
I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Norton AntiVirus\SAVScan.exe
I:\WINDOWS\System32\wuauclt.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
I:\Program Files\Analog Devices\SoundMAX\SMTray.exe
I:\WINDOWS\System32\RUNDLL32.EXE
I:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
I:\Program Files\Messenger Plus! 3\MsgPlus.exe
I:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
I:\Program Files\Common Files\Symantec Shared\ccApp.exe
I:\WINDOWS\System32\bcmwltry.exe
I:\WINDOWS\gkyxeij.exe
I:\Program Files\Internet Optimizer\optimize.exe
I:\Program Files\Web_Rebates\WebRebates0.exe
I:\WINDOWS\System32\ctfmon.exe
I:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
I:\Program Files\VIA\RAID\raid_tool.exe
I:\WINDOWS\System32\wuauclt.exe
I:\Program Files\Messenger\msmsgs.exe
I:\Documents and Settings\astrid\Local Settings\Temp\Tijdelijke map 8 voor hijackthis.zip\HijackThis.exe
I:\Program Files\Web_Rebates\WebRebates1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - I:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - I:\Program Files\SideFind\sfbho.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\MSDXM.OCX
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - I:\PROGRA~1\ISTbar\istbar.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] I:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Smapp] I:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV CfgWiz] I:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [msnappau] "I:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] I:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [Kyvd] I:\WINDOWS\gkyxeij.exe
O4 - HKLM\..\Run: [Internet Optimizer] "I:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [WebRebates0] "I:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [IST Service] I:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = I:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: VIA RAID TOOL.lnk = I:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://I:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - I:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game19.zylom.lycos.nl/activex/zylomgamesplayer.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.5/Installer.exe
 
loggie nr. 3

daar is dan weer mijn nieuwe log

Logfile of HijackThis v1.98.2
Scan saved at 19:07:49, on 14-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\System32\alg.exe
I:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\Program Files\Norton AntiVirus\navapsvc.exe
I:\WINDOWS\System32\nvsvc32.exe
I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\wdfmgr.exe
I:\Program Files\Norton AntiVirus\SAVScan.exe
I:\Program Files\Analog Devices\SoundMAX\SMTray.exe
I:\WINDOWS\System32\RUNDLL32.EXE
I:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
I:\Program Files\Messenger Plus! 3\MsgPlus.exe
I:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
I:\Program Files\Common Files\Symantec Shared\ccApp.exe
I:\WINDOWS\System32\bcmwltry.exe
I:\WINDOWS\gkyxeij.exe
I:\WINDOWS\System32\ctfmon.exe
I:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
I:\Program Files\VIA\RAID\raid_tool.exe
I:\Program Files\Messenger\msmsgs.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\Program Files\Analog Devices\SoundMAX\SMTray.exe
I:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
I:\Program Files\Messenger Plus! 3\MsgPlus.exe
I:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
I:\Program Files\Common Files\Symantec Shared\ccApp.exe
I:\WINDOWS\System32\bcmwltry.exe
I:\Program Files\ISTsvc\istsvc.exe
I:\WINDOWS\System32\ctfmon.exe
I:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
I:\Program Files\VIA\RAID\raid_tool.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\MSN Messenger\msnmsgr.exe
I:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\WINDOWS\System32\WISPTIS.EXE
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\WINDOWS\System32\wuauclt.exe
I:\Program Files\Messenger\msmsgs.exe
I:\WINDOWS\explorer.exe
I:\Program Files\ISTsvc\istsvc.exe
I:\Documents and Settings\astrid\Local Settings\Temp\Tijdelijke map 8 voor hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - I:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\MSDXM.OCX
O4 - HKLM\..\Run: [SSC_UserPrompt] I:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Smapp] I:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV CfgWiz] I:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [msnappau] "I:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] I:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [Kyvd] I:\WINDOWS\gkyxeij.exe
O4 - HKLM\..\Run: [IST Service] I:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunOnce: [AAW] "I:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = I:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: VIA RAID TOOL.lnk = I:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game19.zylom.lycos.nl/activex/zylomgamesplayer.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.5/Installer.exe
 
Re: loggie nr. 3

Je draait HijackThis nog steeds vanuit een tijdelijke map. Dat is onverstandig, want zo raken de back-ups gemakkelijk zoek. Maak dus even een eigen, permanente map voor HijackThis, bijvoorbeeld I:\Program Files\HJT. Verplaats HijackThis naar die map en draai het nu dus vanuit die map. Dus HijackThis niet iedere keer weer opnieuw unzippen en dan direct vanuit de tijdelijke zip-map draaien, maar het unzippen naar een eigen, permanente map en dan vanuit díe map draaien.


1. Scan met HijackThis en vink de volgende items aan:
O4 - HKLM\..\Run: [Kyvd] I:\WINDOWS\gkyxeij.exe
O4 - HKLM\..\Run: [IST Service] I:\Program Files\ISTsvc\istsvc.exe
Klik om te vergroten...
Sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

2. Herstart de pc in veilige modus.
Mocht je niet weten hoe dat moet, kijk dan hier even: http://www.virushelp.nl/veilige_modus.htm

Zorg ervoor dat verborgen bestanden en mappen worden weergegeven.
Hier kun je lezen hoe dat moet: http://users.telenet.be/marcvn/spyware/1117602.htm

Verwijder nu, in veilige modus dus, de volgende bestanden en mappen (voor zover nog aanwezig):

I:\WINDOWS\gkyxeij.exe <- dat bestand
I:\Program Files\ISTsvc <- die map

3. Herstart de pc in 'normale modus'.

4. Ga naar de volgende topic, lees het eerste bericht zorgvuldig door en volg alle adviezen die daar staan op (want dit blijkt hard nodig te zijn): http://www.helpmij.nl/forum/showthread.php?threadid=184512

5. Wil je de Yahoo Companion Toolbar ook kwijt, lees dan hier hoe je die kunt verwijderen: http://support.microsoft.com/?kbid=303047

6. Maak een nieuw log en plaats dat hier.
 
volgende log :-)

hier mijn nieuwe log
Logfile of HijackThis v1.98.2
Scan saved at 9:05:15, on 15-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\Program Files\Norton AntiVirus\navapsvc.exe
I:\WINDOWS\System32\nvsvc32.exe
I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Norton AntiVirus\SAVScan.exe
I:\WINDOWS\System32\wuauclt.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
I:\Program Files\Analog Devices\SoundMAX\SMTray.exe
I:\WINDOWS\System32\RUNDLL32.EXE
I:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
I:\Program Files\Messenger Plus! 3\MsgPlus.exe
I:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
I:\Program Files\Common Files\Symantec Shared\ccApp.exe
I:\WINDOWS\System32\bcmwltry.exe
I:\WINDOWS\System32\ctfmon.exe
I:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
I:\Program Files\VIA\RAID\raid_tool.exe
I:\Program Files\Messenger\msmsgs.exe
I:\WINDOWS\System32\wuauclt.exe
I:\Program Files\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - I:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\MSDXM.OCX
O4 - HKLM\..\Run: [SSC_UserPrompt] I:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Smapp] I:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV CfgWiz] I:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [msnappau] "I:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] I:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [IST Service] I:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Kyvd] I:\WINDOWS\gkyxeij.exe
O4 - HKCU\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = I:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: VIA RAID TOOL.lnk = I:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game19.zylom.lycos.nl/activex/zylomgamesplayer.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.5/Installer.exe
 
:confused:

Start op in veilige modus.

Scan in veilige modus met HijackThis en vink deze twee items aan:
O4 - HKLM\..\Run: [IST Service] I:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Kyvd] I:\WINDOWS\gkyxeij.exe
Klik om te vergroten...
Klik op "Fix checked".

Herstart de pc in 'normale modus', maak een nieuw log en plaats dat hier.
 
de volgende

hier mijn volgende log

Logfile of HijackThis v1.98.2
Scan saved at 12:30:43, on 15-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\Program Files\Norton AntiVirus\navapsvc.exe
I:\WINDOWS\System32\nvsvc32.exe
I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
I:\Program Files\Analog Devices\SoundMAX\SMTray.exe
I:\WINDOWS\System32\RUNDLL32.EXE
I:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
I:\Program Files\Messenger Plus! 3\MsgPlus.exe
I:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
I:\Program Files\Common Files\Symantec Shared\ccApp.exe
I:\WINDOWS\System32\bcmwltry.exe
I:\WINDOWS\System32\ctfmon.exe
I:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
I:\Program Files\VIA\RAID\raid_tool.exe
I:\Program Files\Messenger\msmsgs.exe
I:\Program Files\Norton AntiVirus\SAVScan.exe
I:\Program Files\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - I:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - I:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\MSDXM.OCX
O4 - HKLM\..\Run: [SSC_UserPrompt] I:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Smapp] I:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV CfgWiz] I:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [msnappau] "I:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] I:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKCU\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = I:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: VIA RAID TOOL.lnk = I:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game19.zylom.lycos.nl/activex/zylomgamesplayer.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.5/Installer.exe
 
bedankt

hartstikke bedankt voor de moeite en jullie adviezen hebt ik inmiddels opgevolgd.

voor alle medewerkers fijne feestdagen en een gelukkig 2005

:love:
 
Status
Niet open voor verdere reacties.
                    Steun ons                    

Nieuwste berichten

Terug
Bovenaan Onderaan