Trojan Vundo problem

8 replies
  • Hello, since this weekend I have been having problems with a trojan. Symantec reports it but cannot fix the problem. I have also already tried a Vundo fix, but without result... Hopefully you can help me.

    Scan type: Auto-Protect Scan
    Event: Threat Found!
    Threat: Trojan.Vundo
    File: C:\WINDOWS\system32\ljjhhfg.dll
    Location: C:\WINDOWS\system32
    Computer: HENDRIK
    User: SYSTEM
    Action taken: Clean failed : Quarantine failed : Access denied
    Date found: maandag 5 november 2007 21:50:53

    Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:37:09, on 5/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
  • Uninstall via Start --> Control Panel --> Add or Remove Programs: Logitech Desktop Messenger, because it has got the hiccups.

    Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop.
    Double-click combofix.exe.
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has finished, and after a restart, the log combofix.txt will open. Save this log.

    NOTE: If your virus scanner responds with a message about a script being executed, you may ignore it.

    In your next reply, post the ComboFix log (combofix.txt) together with a fresh HijackThis log.

    Pim
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:34:02, on 6/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {4BE03307-A400-47E3-B7A6-A6EAD68EFD97} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: dgchykdu - dgchykdu.dll (file missing) O22 - SharedTaskScheduler: Windows Update - {C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F} - C:\WINDOWS\system32\ioctrl.dll (file missing) O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg ------ ComboFix 07-11-05.2 - Administrator 2007-11-06 10:07:10.1 - NTFSx86 Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\N97GSVNR\iforex.com C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\N97GSVNR\iforex.com\Emerp\Events\flash_object.swf\user_data.sol C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol C:\Documents and Settings\Administrator\Bureaublad\Live Safety Center.lnk C:\Documents and Settings\Administrator\Bureaublad\Online Security Guide.lnk C:\Documents and Settings\Administrator\Favorieten\Online Security Guide.lnk C:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk C:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk C:\WINDOWS\cookies.ini C:\WINDOWS\system32\~.exe C:\WINDOWS\system32\ajwckofu.dll C:\WINDOWS\system32\dgchykdu.dllbox C:\WINDOWS\system32\ewqlinmb.dll C:\WINDOWS\system32\f3PSSavr.scr C:\WINDOWS\system32\ljjhhfg.dll C:\WINDOWS\system32\psvut.bak1 C:\WINDOWS\system32\psvut.bak2 C:\WINDOWS\system32\psvut.ini C:\WINDOWS\system32\sysdl132.exe C:\WINDOWS\system32\tuvsp.dll C:\WINDOWS\system32\uqwyfreb.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService (((((((((((((((((((( Bestanden Gemaakt van 2007-10-06 to 2007-11-06 )))))))))))))))))))))))))))))) . 
2007-11-06 10:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-05 21:51 85,568 --a------ C:\WINDOWS\system32\ulmvwgkg.dll 2007-11-05 21:48 83,008 --a------ C:\WINDOWS\system32\njogrkde.dll 2007-11-05 21:47 340,032 --a------ C:\WINDOWS\system32\urwqsjkb.dll 2007-11-05 21:31 <DIR> d-------- C:\Program Files\Trend Micro 2007-11-05 19:37 <DIR> d-------- C:\VundoFix Backups 2007-11-04 21:50 78,912 --a------ C:\WINDOWS\system32\awnkhjtt.dll 2007-11-04 21:47 86,080 --a------ C:\WINDOWS\system32\kdiajpdp.dll 2007-11-01 22:49 <DIR> d-------- C:\Program Files\T-Splines for Rhino 2007-11-01 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TSplines 2007-11-01 21:35 <DIR> d-------- C:\Program Files\Rhinoceros 4.0 2007-11-01 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McNeel 2007-11-01 11:24 <DIR> d--h----- C:\Program Files\Sys-App 2007-10-31 22:50 <DIR> d-------- C:\Program Files\PCFriendly 2007-10-31 22:50 298,496 --a------ C:\WINDOWS\uninst.exe 2007-10-31 22:50 78,848 --a------ C:\WINDOWS\system32\INLOADER.DLL 2007-10-27 11:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Joost 2007-10-27 11:15 <DIR> d-------- C:\Program Files\Joost 2007-10-10 08:55 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-11-06 09:25 --------- d-----w C:\Program Files\Symantec AntiVirus 2007-11-05 21:07 --------- d-----w C:\Program Files\Common Files\Real 2007-11-02 20:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype 2007-10-31 11:29 --------- d-----w C:\Program Files\PartyGaming 2007-10-31 11:26 --------- d-----w C:\Program Files\MSN Messenger 2007-10-29 07:03 836 ----a-w C:\Documents and Settings\Administrator\Application Data\ViewerApp.dat 2007-10-27 19:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent 2007-10-27 10:55 --------- d-----w C:\Program Files\Java . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2828dbf7-826e-454b-8a63-d86ce2c344ae}] 2007-11-05 21:48 83008 --a------ C:\WINDOWS\system32\njogrkde.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{995CC12B-C6F1-8AD0-7544-3533DC1AA562}] C:\DOCUME~1\ADMINI~1\APPLIC~1\GLUEDE~1\Plus Global.exe [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F63F9C76-830D-13DC-8324-3F03201C9A6C}] 2007-11-01 11:24 95232 --a------ C:\Program Files\Sys-App\ie-improver.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-02-26 15:25] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 16:29] "PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 06:05] "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 22:34] "Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 05:26] "QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [2003-01-30 23:53] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-14 13:56] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-14 13:56] 
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 11:28] "CARPService"="carpserv.exe" [2003-05-21 14:35 C:\WINDOWS\system32\carpserv.exe] "EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 09:50] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-02 12:24] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 14:16] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 17:02] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 13:19] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "04ae2345"="C:\WINDOWS\system32\ulmvwgkg.dll" [2007-11-05 21:51] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="\Program\" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03] C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\ palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [2005-02-11 12:44:58] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-12 20:15:35] AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-24 22:35:22] DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2005-09-10 14:42:15] HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 13:16:08] hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 00:37:10] hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-02-09 12:13:39] Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-05-02 
18:00:41] Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-05-02 18:00:29] SANTIS USB and PC Card Utility.lnk - C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe [2003-04-02 21:05:28] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"= C:\WINDOWS\system32\ioctrl.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dgchykdu] dgchykdu.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\tuvsp.dll R3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\aliirda.sys R3 ATMEL WinXP PCMCIAFVNETR (2ARC)(R);ATMEL WinXP PCMCIAFVNETR (2ARC)(R) Service for SANTIS WLAN PC Card;C:\WINDOWS\system32\DRIVERS\fvnetr51.sys R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.SYS R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS S3 ATMEL FVNETusbASKEY (AR)(R);ATMEL FVNETusbASKEY (AR)(R) Service for SANTIS WLAN USB Adapter;C:\WINDOWS\system32\DRIVERS\vnetusbk.sys S3 C-Dilla;C-Dilla;\??\C:\WINDOWS\System32\drivers\CDANT.SYS S3 CE3;Xircom Ethernet-adapter 10/100-service;C:\WINDOWS\system32\DRIVERS\ce3n5.sys S3 musbehco;musbehco;\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\musbehco.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\LaunchU3.exe -a . 
Inhoud van de 'Gedeelde Taken' map "2007-11-06 09:00:01 C:\WINDOWS\Tasks\AC3F179091848A7C.job" - c:\docume~1\admini~1\applic~1\extrai~1\Thatchinfork.exe "2004-04-24 09:43:07 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1067808112.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe "2007-11-06 06:43:20 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-06 10:29:17 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????????h????????? ??3B?????????????T?B? ?????? scannen van verborgen bestanden ... ************************************************************************** . Voltooingstijd: 2007-11-06 10:32:53 - machine was rebooted . --- E O F ---
  • Start HijackThis, choose 'do a system scan only' and tick the lines below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: {ea443c2e-c68d-36a8-b454-e6287fbd8282} - {2828dbf7-826e-454b-8a63-d86ce2c344ae} - C:\WINDOWS\system32\njogrkde.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {995CC12B-C6F1-8AD0-7544-3533DC1AA562} - C:\DOCUME~1\ADMINI~1\APPLIC~1\GLUEDE~1\Plus Global.exe (file missing)
O4 - HKLM\..\Run: [04ae2345] rundll32.exe "C:\WINDOWS\system32\ulmvwgkg.dll",b
O4 - HKCU\..\Run: [LDM] \Program\
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\xrohjjom.exe
O20 - Winlogon Notify: dgchykdu - dgchykdu.dll (file missing)

Close all open windows except HijackThis and click Fix checked.
Open Notepad, then copy and paste the following (the bold text) into an empty window:

File::
C:\WINDOWS\system32\ulmvwgkg.dll
C:\WINDOWS\system32\njogrkde.dll
C:\WINDOWS\system32\urwqsjkb.dll
C:\WINDOWS\system32\awnkhjtt.dll
C:\WINDOWS\system32\kdiajpdp.dll
C:\WINDOWS\Tasks\AC3F179091848A7C.job
Folder::
C:\VundoFix Backups
C:\Program Files\PartyGaming\PartyPoker
C:\Program Files\Sys-App
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2828dbf7-826e-454b-8a63-d86ce2c344ae}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{995CC12B-C6F1-8AD0-7544-3533DC1AA562}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F63F9C76-830D-13DC-8324-3F03201C9A6C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dgchykdu]

Save this to your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will make ComboFix start again. Reboot if you are asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Pim :)
  • hey, I immediately get the impression that everything already works a lot better, thanks in advance!

ComboFix 07-11-05.2 - Administrator 2007-11-06 13:10:03.2 - NTFSx86 Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\Administrator\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt FILE:: C:\WINDOWS\system32\awnkhjtt.dll C:\WINDOWS\system32\kdiajpdp.dll C:\WINDOWS\system32\njogrkde.dll C:\WINDOWS\system32\ulmvwgkg.dll C:\WINDOWS\system32\urwqsjkb.dll C:\WINDOWS\Tasks\AC3F179091848A7C.job . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\PartyGaming\PartyPoker C:\Program Files\PartyGaming\PartyPoker\Images\system_but_bingo.jpg C:\Program Files\PartyGaming\PartyPoker\Images\system_but_gammon.jpg C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\10437.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\10749.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\10751.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\10753.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\12741.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\12743.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\12815.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\12821.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\2.html C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\4.html C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\46346.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\46374.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\46390.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48248.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48252.atc C:\Program
Files\PartyGaming\PartyPoker\Language\en_US\articles\48260.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48262.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48298.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48340.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48364.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48368.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48372.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48478.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48484.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\48514.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\6331.html C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\6333.html C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\8321.atc C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\8325.atc C:\Program Files\PartyGaming\PartyPoker\Notes.txt C:\Program Files\PartyGaming\PartyPoker\PokerTrainer.exe C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_alerie.omf C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_amela.omf C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_aomi.omf C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_arion.omf C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_aron.omf C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_arren.omf C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_ason.omf C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_elley.omf C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_enny.omf C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_hawn.omf C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_hristine.omf C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_ill.omf C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_im.omf C:\Program 
Files\PartyGaming\PartyPoker\PokerTrainer\_nthony.omf C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_olleen.omf C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_ord.omf C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_raham.omf C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_ryce.omf C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_uane.omf C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\_urt.omf C:\Program Files\PartyGaming\PartyPoker\PokerTrainer\hendrik_1985.omf C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe C:\Program Files\PartyGaming\PartyPoker\usertab.txt C:\Program Files\Sys-App C:\Program Files\Sys-App\bho.dat C:\Program Files\Sys-App\er.dat C:\Program Files\Sys-App\ie-improver.dll C:\Program Files\Sys-App\uninstall.exe C:\VundoFix Backups C:\WINDOWS\system32\awnkhjtt.dll C:\WINDOWS\system32\kdiajpdp.dll C:\WINDOWS\system32\njogrkde.dll C:\WINDOWS\system32\ulmvwgkg.dll C:\WINDOWS\Tasks\AC3F179091848A7C.job . (((((((((((((((((((( Bestanden Gemaakt van 2007-10-06 to 2007-11-06 )))))))))))))))))))))))))))))) . 2007-11-06 10:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-05 21:31 <DIR> d-------- C:\Program Files\Trend Micro 2007-11-01 22:49 <DIR> d-------- C:\Program Files\T-Splines for Rhino 2007-11-01 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TSplines 2007-11-01 21:35 <DIR> d-------- C:\Program Files\Rhinoceros 4.0 2007-11-01 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McNeel 2007-10-31 22:50 <DIR> d-------- C:\Program Files\PCFriendly 2007-10-31 22:50 298,496 --a------ C:\WINDOWS\uninst.exe 2007-10-31 22:50 78,848 --a------ C:\WINDOWS\system32\INLOADER.DLL 2007-10-27 11:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Joost 2007-10-27 11:15 <DIR> d-------- C:\Program Files\Joost 2007-10-10 08:55 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll . 
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-06 12:14 --------- d-----w C:\Program Files\Symantec AntiVirus 2007-11-06 12:13 --------- d-----w C:\Program Files\PartyGaming 2007-11-05 21:07 --------- d-----w C:\Program Files\Common Files\Real 2007-11-02 20:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype 2007-10-31 11:26 --------- d-----w C:\Program Files\MSN Messenger 2007-10-29 07:03 836 ----a-w C:\Documents and Settings\Administrator\Application Data\ViewerApp.dat 2007-10-27 19:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent 2007-10-27 10:55 --------- d-----w C:\Program Files\Java . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-02-26 15:25] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 16:29] "PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 06:05] "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 22:34] "Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 05:26] "QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [2003-01-30 23:53] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-14 13:56] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-14 13:56] "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 11:28] "CARPService"="carpserv.exe" [2003-05-21 14:35 C:\WINDOWS\system32\carpserv.exe] "EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 09:50] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-02 12:24] "iTunesHelper"="C:\Program 
Files\iTunes\iTunesHelper.exe" [2005-06-24 14:16] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 17:02] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 13:19] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03] "LDM"="\Program\" [] C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\ palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [2005-02-11 12:44:58] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-12 20:15:35] AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-24 22:35:22] DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2005-09-10 14:42:15] HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 13:16:08] hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 00:37:10] hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-02-09 12:13:39] Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-05-02 18:00:41] Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-05-02 18:00:29] SANTIS USB and PC Card Utility.lnk - C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe [2003-04-02 21:05:28] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\LaunchU3.exe -a . 
Inhoud van de 'Gedeelde Taken' map "2004-04-24 09:43:07 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1067808112.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe "2007-11-06 10:43:32 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-06 13:17:38 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????????h????????? ??3B?????????????T?B? ?????? scannen van verborgen bestanden ... ************************************************************************** . Voltooingstijd: 2007-11-06 13:21:25 - machine was rebooted C:\ComboFix2.txt ... 2007-11-06 10:32 . 
--- E O F --- ------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:52:50, on 6/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE C:\Program Files\HPQ\One-Touch\OneTouch.EXE C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\system32\carpserv.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe C:\WINDOWS\system32\HPConfig.exe C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe 
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] 
C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] \Program\ O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? 
O4 - Global Startup: SANTIS USB and PC Card Utility.lnk = C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O23 - Service: Autodesk Licensing Service - Autodesk, Inc. 
- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
  • You may fix the line below with HijackThis:
    O4 - HKCU\..\Run: [LDM] \Program\
    Download ATF Cleaner (by Atribune): http://www.atribune.org/ccount/click.php?id=1
    Double-click ATF Cleaner to start the program. On the "Main" tab, tick Select All. Untick Prefetch. Click the Empty Selected button.
    If you also use Firefox as a browser: click the "Firefox" tab and tick Select All. If you want to keep the passwords saved by Firefox, click "No" in the window that appears (this removes the tick at "Firefox saved passwords"). Click the Empty Selected button.
    If you also use Opera as a browser: click the "Opera" tab and tick Select All. If you want to keep the passwords saved by Opera, click "No" in the window that appears. Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.
    How are your problems now? Pim
  • Yes, the virus no longer causes any problems on my PC and everything runs as it should again (no error messages, no pop-ups). Thank you very much!
  • You're welcome! :) Turn off System Restore. Restart the computer. Turn System Restore back on. See here how to turn off System Restore: http://users.pandora.be/marcvn/spyware/1852808.htm This removes any remnants of the infections from your System Restore. To prevent a recurrence, read through these security tips once more: http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html Pim


This is an archived page. Replies are no longer possible.