Vraag & Antwoord

Beveiliging & privacy

HijackThis; wie kan mij helpen

14 antwoorden
  • Deze week kreeg mijn machine last van Web popups, ongeacht of de browser al dan niet geopend was voor eigen doeleinden. Dit terwijl Adaware SE Pro meeliep samen met McAfee. Ondanks Spybot, Spysweeper, Spyware-Doctor, SpyBlocs en MS AntiSpyware blijven de popups komen (tenzij ik de LAN uitschakel), en de machine wordt zo traag als....... CT adviseert de log van Hijackthis op dit forum te plaatsen. Hierbij volgt dat dus. Is er iemand die mij kan verlossen. Logfile of HijackThis v1.99.0 Scan saved at 20:40:22, on 29-12-05 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\Nhksrv.exe C:\Program Files\BlueSoleil\BTNtService.exe C:\WINDOWS\System32\CTsvcCDA.EXE c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Norton Utilities\NPROTECT.EXE C:\WINDOWS\DELLMMKB.EXE C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\WINDOWS\System32\devldr32.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe c:\program files\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Netropa\OSD.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Speed Disk\nopdb.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\knlwrap.exe C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe C:\Program Files\Spyware Doctor\swdoctor.exe c:\Program Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - Default URLSearchHook is missing O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\NetTransport\NTAddList.html O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\NetTransport\NTAddLink.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121163982240 O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab O23 - Service: BlueSoleil Hid Service - Unknown - C:\Program Files\BlueSoleil\BTNtService.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee WSC Integration - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: Netropa NHK Server - Unknown - C:\WINDOWS\Nhksrv.exe O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor - Unknown - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
  • Je gebruikt een oudere versie van HijackThis. Best dat je eerst update naar de nieuwste versie. Start HijackThis, Ga naar Config - Misc tools - Check for update online. Download de nieuwste versie, unzip het en plaats het in een eigen map (vb c:\hijackthis). (De nieuwste versie van HijackThis kan je ook [url=http://www.downloads.subratam.org/hijackthis.zip]hier[/url] downloaden). Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items: [b:26443d7ef9]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - Default URLSearchHook is missing[/b:26443d7ef9] Klik daarna op "Fix checked" en sluit HijackThis af. Start de computer op in veilige modus. Hoe je dit doet kan je [url=http://users.telenet.be/marcvn/spyware/1378056.htm]hier[/url] lezen. Download de Registry Search Tool [url=http://www.billsway.com/vbspage/]hier[/url]. Unzip het script. Start de computer op in veilige modus. Hoe je dit doet kan je [url=http://users.telenet.be/marcvn/spyware/1378056.htm]hier[/url] lezen. Start RegSrch.vbs. In het Zoekveld geef je het volgende in: [b:26443d7ef9]adchannel[/b:26443d7ef9] Als er wat gevonden wordt, krijg je een logje. Sla dit logje op. Herstart de computer in normale windowsmodus. Meldt het resultaat van regsearch. Start HijackThis opnieuw, maak een nieuwe log en post deze.
  • Beste hulpverlener Alle handelingen zoals aangegeven uitgevoerd. RegSrch.vbs leverde geen resultaten op. Nieuwe HijackThis lof-file is als volgt: Logfile of HijackThis v1.99.1 Scan saved at 22:46:24, on 29-12-05 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\Nhksrv.exe C:\Program Files\BlueSoleil\BTNtService.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\DELLMMKB.EXE C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\WINDOWS\System32\devldr32.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\Program Files\Netropa\OSD.exe c:\program files\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Norton Utilities\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Speed Disk\nopdb.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\System32\wuauclt.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\NetTransport\NTAddList.html O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\NetTransport\NTAddLink.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121163982240 O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\ O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\hrj4051qe.dll O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\BlueSoleil\BTNtService.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
  • Fix met hijackthis deze sleutel: [b:e5760dd381]O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\ [/b:e5760dd381] Download de L2Mfix [url=http://www.downloads.subratam.org/l2mfix.exe]hier[/url]. Plaats het bestand op je buroblad. Klik op l2mfix.exe. Klik op "Accept". Zorg dat de l2mfix-map op je bureaublad geplaatst wordt. Klik op "Install". Op je bureaublad open je de map l2mfix. Klik op l2fix.bat. Klik op "1" om optie te 1 selecteren: Run Find Log. Dit gaat even duren. Na een tijdje wordt er een kladblokbestand geopend. Kopieer en plak de inhoud van dit bestand in je volgende post. Let op: Optie 2 mag je voorlopig NIET gebruiken. Gebruik ook geen andere bestanden die zich in de map l2mfix bevinden!
  • Beste hulpverlener, Zojuist nieuwe instructies uitgevoerd. Hierbij resultaat: L2MFIX find log 122705 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled\SideBySide] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\n6r2lg9o16.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\hrj0051me.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{671E2027-3E76-1260-EE5C-618C9F6181B3}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webmappen" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "MP3-Info extension"="{448f4a40-2602-11d1-b4c0-080000051171}" "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{0E6C58A9-F592-4862-B35F-CA45E24003B3}"="CloneCD" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{661825E5-B9A4-4D3E-8B74-3B6B63C32A80}"="Shell Extensions for The Font Creator Program" "{EBDF1F20-C829-1010-8233-0020AFCE97A9}"="iolo File Terminator" "{6EE51AA0-77A0-11D7-B4E1-000347126E46}"="Window Washer Shell Shredding Utility" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{CD652064-7A92-4767-844E-CF33B94CED23}"="AOEV Context Menu Shell Extension" "{FED7043D-346A-414D-ACD7-550D052499A7}"="dBpowerAMP Music Converter 1" "{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerAMP Music Converter" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link" "{9C8A2F1F-8B7D-46F9-843E-1A907BCA67D0}"="File and Folder Protector Context Menu Handler" "{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}"="" "{00B5EB2F-B259-4053-BE9F-CA1739285BD5}"="" "{F7C42E95-00B1-4DEC-A208-20DD7117D47C}"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\AutorunsDisabled] "{B057D231-6D70-4343-B9FC-4E54E2D5680D}"="" "{DDD7B0C4-F819-4642-BF24-C2632E4635D9}"="" "{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}"="" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}] @="" [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\InprocServer32] @="C:\\WINDOWS\\system32\\smesrv.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{00B5EB2F-B259-4053-BE9F-CA1739285BD5}] @="" [HKEY_CLASSES_ROOT\CLSID\{00B5EB2F-B259-4053-BE9F-CA1739285BD5}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{00B5EB2F-B259-4053-BE9F-CA1739285BD5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{00B5EB2F-B259-4053-BE9F-CA1739285BD5}\InprocServer32] @="C:\\WINDOWS\\system32\\wwnetmgr.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{F7C42E95-00B1-4DEC-A208-20DD7117D47C}] @="" [HKEY_CLASSES_ROOT\CLSID\{F7C42E95-00B1-4DEC-A208-20DD7117D47C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{F7C42E95-00B1-4DEC-A208-20DD7117D47C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{F7C42E95-00B1-4DEC-A208-20DD7117D47C}\InprocServer32] @="C:\\WINDOWS\\system32\\llcalsec.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{B057D231-6D70-4343-B9FC-4E54E2D5680D}] @="" [HKEY_CLASSES_ROOT\CLSID\{B057D231-6D70-4343-B9FC-4E54E2D5680D}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{B057D231-6D70-4343-B9FC-4E54E2D5680D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{B057D231-6D70-4343-B9FC-4E54E2D5680D}\InprocServer32] @="C:\\WINDOWS\\system32\\wydmtp.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{DDD7B0C4-F819-4642-BF24-C2632E4635D9}] @="" [HKEY_CLASSES_ROOT\CLSID\{DDD7B0C4-F819-4642-BF24-C2632E4635D9}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{DDD7B0C4-F819-4642-BF24-C2632E4635D9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{DDD7B0C4-F819-4642-BF24-C2632E4635D9}\InprocServer32] @="C:\\WINDOWS\\system32\\mihcp.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}] @="" [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\InprocServer32] @="C:\\WINDOWS\\system32\\smesrv.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ aplib01.dll Mon 26 Dec 2005 10:54:34 ..S.R 235.529 230,01 K enr8l1~1.dll Mon 26 Dec 2005 16:19:40 ..S.R 235.209 229,70 K fppmon2.dll Mon 21 Nov 2005 10:45:10 ..... 299.008 292,00 K fppr232.dll Mon 21 Nov 2005 10:45:48 ..... 118.784 116,00 K gccoll~1.dll Tue 15 Nov 2005 12:12:08 A.... 126.680 123,71 K gcunco~1.dll Tue 15 Nov 2005 12:12:06 A.... 95.448 93,21 K gdi32.dll Thu 6 Oct 2005 4:21:54 A.... 260.608 254,50 K h04m0a~1.dll Tue 27 Dec 2005 23:56:32 ..S.R 234.248 228,76 K hashlib.dll Tue 15 Nov 2005 12:12:08 A.... 117.976 115,21 K hrj005~1.dll Thu 29 Dec 2005 22:39:08 ..S.R 233.630 228,15 K i6nm0g~1.dll Fri 30 Dec 2005 12:34:04 ..S.R 233.786 228,30 K llcalsec.dll Thu 29 Dec 2005 22:35:08 ..S.R 233.630 228,15 K mcinsctl.dll Tue 18 Oct 2005 11:08:04 A.... 349.760 341,56 K mshtml.dll Tue 4 Oct 2005 12:34:58 A.... 2.700.288 2,57 M smesrv.dll Fri 30 Dec 2005 12:34:04 ..S.R 233.630 228,15 K wwnetmgr.dll Mon 26 Dec 2005 14:11:38 ..S.R 235.209 229,70 K 16 items found: 16 files (8 H/S), 0 directories. Total of file sizes: 5.943.423 bytes 5,67 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Het volume in station C heeft geen naam. Het volumenummer is 2006-F7F2 Map van C:\WINDOWS\System32 30-12-05 12:48 <DIR> .. 30-12-05 12:48 <DIR> . 30-12-05 12:34 233.630 smesrv.dll 30-12-05 12:34 233.786 i6nm0g51e6.dll 29-12-05 22:39 233.630 hrj0051me.dll 29-12-05 22:35 233.630 llcalsec.dll 29-12-05 22:33 <DIR> dllcache 27-12-05 23:56 234.248 h04m0ah1ed4.dll 26-12-05 16:19 235.209 enr8l19u1.dll 26-12-05 14:11 235.209 wwnetmgr.dll 26-12-05 10:54 235.529 aplib01.dll 23-10-02 22:02 <DIR> Microsoft 8 bestand(en) 1.874.871 bytes 4 map(pen) 42.169.151.488 bytes beschikbaar en de nieuwe log van HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 12:52:35, on 30-12-05 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\Nhksrv.exe C:\Program Files\BlueSoleil\BTNtService.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\DELLMMKB.EXE C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\WINDOWS\System32\devldr32.exe c:\program files\mcafee.com\agent\mcdetect.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe c:\program files\mcafee.com\agent\mcagent.exe C:\Program Files\Netropa\OSD.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\WINDOWS\System32\rundll32.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Norton Utilities\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Speed Disk\nopdb.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\wincmd\WINCMD32.EXE c:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\NetTransport\NTAddList.html O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\NetTransport\NTAddLink.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121163982240 O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\hrj0051me.dll O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\BlueSoleil\BTNtService.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
  • Hallo, Sluit alle openstaande programma's. Dubbelklik op l2mfix.bat. Klik op "2" om optie 2 te selecteren: Run Fix. Druk op Enter. De iconen op je bureaublad zullen verdwijnen en de L2Mfix gaat je computer scannen. Als het scannen klaar is, zal de computer aangeven dat hij opnieuw gaat opstarten. Druk op Enter en de pc zal automatisch herstarten. Als de computer opnieuw gestart is, opent er een kladblokbestandje. Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.
  • Beste hulpverlener, Wederom instructies uitgevoerd met volgende resultaat: L2mfix Beta 122705 Creating Account. De opdracht is voltooid. Adding Administrative privleges. Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX ... successful Running From: C:\WINDOWS\system32 Killing Processes! Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 368 'smss.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 480 'winlogon.exe' Killing PID 480 'winlogon.exe' Killing PID 480 'winlogon.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1176 'explorer.exe' Killing PID 1176 'explorer.exe' Killing PID 1176 'explorer.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1064 'rundll32.exe' Killing PID 1648 'rundll32.exe' Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administrators ... successful Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! moving: C:\WINDOWS\system32\aplib01.dll Successfully Moved: C:\WINDOWS\system32\aplib01.dll moving: C:\WINDOWS\system32\enr8l19u1.dll Successfully Moved: C:\WINDOWS\system32\enr8l19u1.dll moving: C:\WINDOWS\system32\h04m0ah1ed4.dll Successfully Moved: C:\WINDOWS\system32\h04m0ah1ed4.dll moving: C:\WINDOWS\system32\hrj0051me.dll Successfully Moved: C:\WINDOWS\system32\hrj0051me.dll moving: C:\WINDOWS\system32\i6nm0g51e6.dll Successfully Moved: C:\WINDOWS\system32\i6nm0g51e6.dll moving: C:\WINDOWS\system32\llcalsec.dll Successfully Moved: C:\WINDOWS\system32\llcalsec.dll moving: C:\WINDOWS\system32\smesrv.dll Successfully Moved: C:\WINDOWS\system32\smesrv.dll moving: C:\WINDOWS\system32\wwnetmgr.dll Successfully Moved: C:\WINDOWS\system32\wwnetmgr.dll Restoring Windows Update Certificates.: The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\hrj0051me.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 The following are the files found: **************************************************************************** C:\WINDOWS\system32\aplib01.dll C:\WINDOWS\system32\enr8l19u1.dll C:\WINDOWS\system32\h04m0ah1ed4.dll C:\WINDOWS\system32\hrj0051me.dll C:\WINDOWS\system32\i6nm0g51e6.dll C:\WINDOWS\system32\llcalsec.dll C:\WINDOWS\system32\smesrv.dll C:\WINDOWS\system32\wwnetmgr.dll Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}] @="" [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\InprocServer32] @="C:\\WINDOWS\\system32\\smesrv.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{00B5EB2F-B259-4053-BE9F-CA1739285BD5}] @="" [HKEY_CLASSES_ROOT\CLSID\{00B5EB2F-B259-4053-BE9F-CA1739285BD5}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{00B5EB2F-B259-4053-BE9F-CA1739285BD5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{00B5EB2F-B259-4053-BE9F-CA1739285BD5}\InprocServer32] @="C:\\WINDOWS\\system32\\wwnetmgr.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{F7C42E95-00B1-4DEC-A208-20DD7117D47C}] @="" [HKEY_CLASSES_ROOT\CLSID\{F7C42E95-00B1-4DEC-A208-20DD7117D47C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{F7C42E95-00B1-4DEC-A208-20DD7117D47C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{F7C42E95-00B1-4DEC-A208-20DD7117D47C}\InprocServer32] @="C:\\WINDOWS\\system32\\llcalsec.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{B057D231-6D70-4343-B9FC-4E54E2D5680D}] @="" [HKEY_CLASSES_ROOT\CLSID\{B057D231-6D70-4343-B9FC-4E54E2D5680D}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{B057D231-6D70-4343-B9FC-4E54E2D5680D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{B057D231-6D70-4343-B9FC-4E54E2D5680D}\InprocServer32] @="C:\\WINDOWS\\system32\\wydmtp.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{DDD7B0C4-F819-4642-BF24-C2632E4635D9}] @="" [HKEY_CLASSES_ROOT\CLSID\{DDD7B0C4-F819-4642-BF24-C2632E4635D9}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{DDD7B0C4-F819-4642-BF24-C2632E4635D9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{DDD7B0C4-F819-4642-BF24-C2632E4635D9}\InprocServer32] @="C:\\WINDOWS\\system32\\mihcp.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}] @="" [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\InprocServer32] @="C:\\WINDOWS\\system32\\smesrv.dll" "ThreadingModel"="Apartment" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}"=- "{00B5EB2F-B259-4053-BE9F-CA1739285BD5}"=- "{F7C42E95-00B1-4DEC-A208-20DD7117D47C}"=- "{B057D231-6D70-4343-B9FC-4E54E2D5680D}"=- "{DDD7B0C4-F819-4642-BF24-C2632E4635D9}"=- "{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}"=- [-HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}] [-HKEY_CLASSES_ROOT\CLSID\{00B5EB2F-B259-4053-BE9F-CA1739285BD5}] [-HKEY_CLASSES_ROOT\CLSID\{F7C42E95-00B1-4DEC-A208-20DD7117D47C}] [-HKEY_CLASSES_ROOT\CLSID\{B057D231-6D70-4343-B9FC-4E54E2D5680D}] [-HKEY_CLASSES_ROOT\CLSID\{DDD7B0C4-F819-4642-BF24-C2632E4635D9}] [-HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"="" **************************************************************************** Desktop.ini Contents: **************************************************************************** **************************************************************************** Checking for L2MFix account(0=no 1=yes): 0 Zipping up files for submission: adding: dlls/aplib01.dll (124 bytes security) (deflated 5%) adding: dlls/enr8l19u1.dll (124 bytes security) (deflated 5%) adding: dlls/h04m0ah1ed4.dll (124 bytes security) (deflated 4%) adding: dlls/hrj0051me.dll (124 bytes security) (deflated 4%) adding: dlls/i6nm0g51e6.dll (124 bytes security) (deflated 4%) adding: dlls/llcalsec.dll (124 bytes security) (deflated 4%) adding: dlls/smesrv.dll (124 bytes security) (deflated 4%) adding: dlls/wwnetmgr.dll (124 bytes security) (deflated 5%) adding: backregs/00B5EB2F-B259-4053-BE9F-CA1739285BD5.reg (188 bytes security) (deflated 70%) adding: backregs/3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9.reg (188 bytes security) (deflated 70%) adding: backregs/B057D231-6D70-4343-B9FC-4E54E2D5680D.reg (188 bytes security) (deflated 70%) adding: backregs/DDD7B0C4-F819-4642-BF24-C2632E4635D9.reg (188 bytes security) (deflated 70%) adding: backregs/F7C42E95-00B1-4DEC-A208-20DD7117D47C.reg (188 bytes security) (deflated 70%) adding: backregs/notibac.reg (164 bytes security) (deflated 63%) adding: backregs/shell.reg (164 bytes security) (deflated 66%) =========================================================================================================================== Logfile of HijackThis v1.99.1 Scan saved at 15:45:46, on 30-12-05 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\notepad.exe C:\WINDOWS\DELLMMKB.EXE C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\WINDOWS\System32\devldr32.exe C:\WINDOWS\Nhksrv.exe C:\Program Files\Netropa\OSD.exe C:\Program Files\BlueSoleil\BTNtService.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe c:\program files\mcafee.com\agent\mcagent.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\rundll32.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Norton Utilities\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Speed Disk\nopdb.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\wuauclt.exe c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Program Files\wincmd\WINCMD32.EXE c:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\NetTransport\NTAddList.html O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\NetTransport\NTAddLink.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller .exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121163982240 O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\hrj0051me.dll (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\BlueSoleil\BTNtService.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe ================================================================================================ Het valt me nu op dat ik -sinds ik online ben- voor het eerst nog geen popups heb gehad. Zijn we er nu of moet er nog iets gebeuren? Weer met alle dank!
  • Zeg maar Marc hoor. L2M logje ziet er goed uit. Het hijackthislogje is moeilijk leesbaar zo. Kan je dit even doen: Ga naar Start - Uitvoeren en tik in: notepad.exe Klik op OK. Ga in Kladblok naar Opmaak, en haal het vinkje voor "Automatische terugloop" weg. Sluit Notepad terug af. Maak een nieuwe HijackThislog. Post deze.
  • Beste Marc, Sorry, ik had deze keer de twee files in NoteTab aan elkaar geplakt en die staat standaard op autom. omloop. SInds mijn laatste bericht staat de machine nog steeds online en nog steeds geen popups verschenen. Nog een keer het log-filetje: Logfile of HijackThis v1.99.1 Scan saved at 15:45:46, on 30-12-05 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\notepad.exe C:\WINDOWS\DELLMMKB.EXE C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\WINDOWS\System32\devldr32.exe C:\WINDOWS\Nhksrv.exe C:\Program Files\Netropa\OSD.exe C:\Program Files\BlueSoleil\BTNtService.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe c:\program files\mcafee.com\agent\mcagent.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\rundll32.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Norton Utilities\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Speed Disk\nopdb.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\wuauclt.exe c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Program Files\wincmd\WINCMD32.EXE c:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\NetTransport\NTAddList.html O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\NetTransport\NTAddLink.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121163982240 O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\hrj0051me.dll (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\BlueSoleil\BTNtService.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
  • Dit leest een stuk makkelijker. Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items: [b:733c8634bb]O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\hrj0051me.dll (file missing)[/b:733c8634bb] Klik daarna op "Fix checked" en sluit HijackThis af. Herstart de computer. Start HijackThis opnieuw, maak een nieuwe log en post deze. Ik denk inderdaad dat de problemen opgelost zijn.
  • Hoi Marc, Aldus geschiedde. Hierbij weer het logje: Logfile of HijackThis v1.99.1 Scan saved at 17:15:03, on 30-12-05 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\DELLMMKB.EXE C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\WINDOWS\System32\devldr32.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Netropa\OSD.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\WINDOWS\Nhksrv.exe C:\Program Files\BlueSoleil\BTNtService.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\rundll32.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Norton Utilities\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Speed Disk\nopdb.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\System32\MsPMSPSv.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\wincmd\WINCMD32.EXE c:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\NetTransport\NTAddList.html O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\NetTransport\NTAddLink.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121163982240 O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\BlueSoleil\BTNtService.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe Nog steeds geen popups....fantastisch!!
  • Logje ziet er goed uit hoor. Als alle problemen opgelost zijn, doe je dit nog even: Wis alle bestaande systeemherstelpunten. Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in. [url=http://users.pandora.be/marcvn/spyware/1852808.htm]Systeemherstel uitschakelen[/url]. Nog wat tips: Bezoek regelmatig de [url=http://www.windowsupdate.com]Windows Update Site[/url]. Alleen zo ben je zeker dat je de nieuwste patches voor je besturingssysteem geïnstalleerd hebt. Als er nieuwe updates beschikbaar zijn, dan dowload en installeer je alle essentiële updates en service packs. Reboot je computer en controleer opnieuw. Herhaal deze procedure tot dat er geen essentiële updates meer zijn. Installeer ook [url=http://www.javacoolsoftware.com/spywareblaster.html]SpywareBlaster[/url] en [url=http://www.javacoolsoftware.com/spywareguard.html]Spywareguard[/url]. Gebruik je de laatste versie van Spybot Search & Destroy, en je maakt gebruik van de realtime protectie TeaTimer, dan moet je Spywareguard niet installeren. Meer info over hoe je een nieuwe infectie kan voorkomen vind je [url=http://users.pandora.be/marcvn/spyware/1564073.htm]hier[/url]. Happy surfing again.
  • Beste Marc, Alle problemen lijken inderdaad verholpen, er zijn althans de hele middag geen popups meer geweest. De machine lijkt ook weer zijn oude snelheid terug te hebben (voor zover die er nog was). Ik vind het grandioos dat je me zo fantastisch hebt geholpen. Dit was het eerste probleem in 10 jaar waar ik niet meer zelf uitkwam. Ik dank je heel hartelijk voor je tijd en moeite. Ook zal ik je waardevolle tips ter harte nemen. Ik hoop je nooit meer nodig te hebben, maar mocht dat wel zo zijn dan hoop ik weer iemand te treffen die net zo spontaan, doelmatig en ook zo snel helpt als jij. Een heel fijne jaarwisseling en alle goeds voor 2006.
  • Graag gedaan en voor jou ook prettige eindejaarsfeesten.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.