Questions & Answers

Security & privacy

Newdotnet and CiD popups

12 replies
  • I'd like some help getting a laptop free of spyware. At startup an error from newdotnet appears, and CiD popups keep coming up constantly. It is the computer of an acquaintance who looks for a lot of free games and so on... :? I ran HitmanPro once, and afterwards Ad-Aware, Spybot and CWShredder as well. But these 2 problems remain... I have already searched a few forums, but the problem is not solved yet. By the way, there is no longer a newdotnet folder in Program Files. And I think the CiD popups are already half blocked by Spybot; the popups are now empty (white). Here is the HijackThis log file. Thanks in advance!
  • Hi Juul,

    Download this file: Deljob.exe (http://home.hetnet.nl/~stefsmeenk/tools/deljob.exe). Place it on your desktop. If your virus scanner blocks the download of deljob.exe, temporarily disable your virus scanner or download the zip version, deljob.zip (http://members.lycos.nl/deljob/deljob.zip), and extract it to your desktop. Double-click Deljob.exe. A small log (logit.txt) will open; you can also find the file on your desktop. Post the contents of logit.txt in your next message.

    Try the following possible ways to remove New.net, in this order:

    1) Go to Control Panel > Add or Remove Programs. Check whether New.net Domains or New.net Application is in the list of software and, if so, uninstall it. If it is not in the list or uninstalling fails, go to 2).
    2) Look in the folder C:\Program Files\NewDotNet to see whether it contains an uninstaller. That uninstaller is called uninstallX_XX.exe (where the X's stand for digits). If so, double-click it to remove New.net. If it does not work this way, go to 3).
    3) Look in the folder C:\Windows to see whether it contains an uninstaller. That uninstaller is called NDNuninstallx_xx.exe (where the X's stand for digits). If so, double-click it to remove New.net. If it does not work this way, go to 4).
    4) Download this uninstaller (http://www.new.net/support/NNuninstall.exe) and place it on your desktop. Double-click NNuninstall.exe, which is now on your desktop, to remove New.net.

    After removing New.net, the PC must be restarted. Then make a new HijackThis log and post it here together with the Deljob log.

    Pim
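The reply above ends by asking for a fresh HijackThis log after the cleanup. The following is an added example, not part of the original thread, of comparing a before and an after log: it lists entries that disappeared, entries that are new, and entries that still point at a missing file. Both sample logs are constructed, all names in them are placeholders, and the parser also accepts logs that a forum has flattened onto one line or cut off.

```python
import re
from dataclasses import dataclass

# HijackThis entries start with a section code (R0, O2, O4, O20, ...) and " - ".
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
# Handles one entry per line as well as logs flattened onto a single line:
# an entry runs until the next section code, the end-of-file trailer, or the
# end of the text (a truncated paste).
ENTRY_RE = re.compile(
    r"(?<!\S)(" + CODE + r") - (.*?)(?=\s+" + CODE + r" - |\s*--\s*End of file|\s*$)",
    re.S,
)
# Markers HijackThis prints when a registered component's file is gone.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O4" (autostart) or "O2" (browser helper object)
    detail: str   # rest of the entry, whitespace-normalised

    @property
    def orphaned(self) -> bool:
        return any(marker in self.detail for marker in ORPHAN_MARKERS)


def parse_log(text: str) -> list:
    """Return the entries of a HijackThis log, skipping header and process list."""
    return [
        Entry(m.group(1), " ".join(m.group(2).split()))
        for m in ENTRY_RE.finditer(text)
    ]


def compare_logs(before: str, after: str) -> dict:
    """Compare two logs of the same machine taken before and after a cleanup."""
    old, new = parse_log(before), parse_log(after)
    old_set, new_set = set(old), set(new)
    return {
        "removed": [e for e in old if e not in new_set],   # cleanup took effect
        "added": [e for e in new if e not in old_set],     # new since last scan
        "orphaned": [e for e in new if e.orphaned],        # leftovers to review
    }


# Constructed sample: one entry per line, as HijackThis writes it.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: Example Bar - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [ExampleAdware Startup] rundll32 C:\PROGRA~1\EXAMPLE\EXAMPLE.DLL,Start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ExampleNotify - C:\WINDOWS\system32\example.dll (file missing)
--
End of file - 1234 bytes
"""

# Constructed sample: the same machine later, flattened onto one line by a forum.
AFTER_LOG = (
    r"Logfile of Trend Micro HijackThis v2.0.2 Running processes: "
    r"C:\WINDOWS\Explorer.EXE "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/ "
    r"O2 - BHO: Example Bar - {00000000-0000-0000-0000-000000000001} - (no file) "
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe "
    r"O4 - HKCU\..\Run: [NewThing] C:\Temp\newthing.exe "
    r"-- End of file - 900 bytes"
)

if __name__ == "__main__":
    report = compare_logs(BEFORE_LOG, AFTER_LOG)
    for label in ("removed", "added", "orphaned"):
        print(label.upper())
        for entry in report[label]:
            print(f"  {entry.section} - {entry.detail}")
```

An entry under "orphaned" is a registration whose file is already gone, which is how a startup error can persist after the program folder has been deleted.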
  • Bedankt voor vlugge reactie! Ik heb ondertussen nog een full system scan met nod32 gedaan en een paar restarts. En de newdotnet uninstaller gedraaid ook. De error is weg en voorlopig nog geen CiD popups gekregen. Hier nog de gevraagde logs. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:56:15, on 9/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\Program Files\Logitech\ImageStudio\LogiTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\MAGENTIC\bin\MgApp.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [Antiy Auto Update] C:\Program Files\Antiy Labs\Alive\AliveCenter0.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [LVCOMS] C:\Program 
Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\iso cast.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\MAGENTIC\bin\Magentic.exe /c O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\charlie\APPLIC~1\ELSEPL~1\AXISNEW.exe O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program 
Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: bw+0 - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - 
Protocol: bw10 - 
{E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\rlai.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 19471 bytes

And the one from deljob.
--------------------------------------------------------
File(s) moved to C:\deljob

A9C81B8D918B936D.job
--------------------------------------------------------
Files remaining after cleaning

AppleSoftwareUpdate.job
--------------------------------------------------------
App data folders

De volumenaam van station C is ACER
Het volumenummer is 320D-180E

Map van C:\Documents and Settings\charlie\Application Data

28/05/2006  01:46  <DIR>               .
28/05/2006  01:46  <DIR>               ..
06/08/2005  18:28  <DIR>  IDENTI~1     Identities
06/08/2005  18:12  <DIR>  MICROS~1     Microsoft
27/05/2006  20:07  <DIR>  MACROM~1     Macromedia
27/05/2006  20:08  <DIR>  SYMANTEC     Symantec
28/05/2006  14:07  <DIR>  CYBERL~1     CyberLink
15/06/2006  22:34  <DIR>  ADOBE        Adobe
27/06/2006  20:51  <DIR>  HELP         Help
04/07/2006  21:12  <DIR>  ZYLOM        Zylom
05/07/2006  21:18  <DIR>  PLAYFI~1     PlayFirst
06/07/2006  09:14  <DIR>  SUN          Sun
15/08/2006  09:22  <DIR>  ADOBEUM      AdobeUM
15/08/2006  11:07  <DIR>  WILDFIRE     Wildfire
25/08/2006  21:46  <DIR>  SCANSOFT     ScanSoft
26/08/2006  21:30  <DIR>  CANON        Canon
05/09/2006  20:11  <DIR>  ARCSOFT      ArcSoft
15/09/2006  20:12  <DIR>  XNVIEW       XnView
21/09/2006  18:19  <DIR>  APPLEC~1     Apple Computer
08/10/2006  17:22  <DIR>  CD-LAB~1     CD-LabelPrint
03/05/2007  18:08  <DIR>  ELSEPL~1     Else plus
22/06/2007  12:56  <DIR>               hln
08/08/2007  20:31  <DIR>  SECUROM      SecuROM
20/10/2007  16:12  <DIR>  SURFRI~1     SurfRight
07/11/2007  21:55  <DIR>  LAVASOFT     Lavasoft
07/11/2007  23:17  <DIR>  GOOGLE       Google
               0 bestand(en)  0 bytes
              26 map(pen)  4.627.300.352 bytes beschikbaar

De volumenaam van station C is ACER
Het volumenummer is 320D-180E

Map van C:\Documents and Settings\All Users\Application Data

28/05/2006  01:34  <DIR>               .
28/05/2006  01:34  <DIR>               ..
06/08/2005  18:12  <DIR>  MICROS~1     Microsoft
04/07/2006  21:12  <DIR>  ZYLOM        Zylom
04/07/2006  21:18  <DIR>  SANDLO~1     Sandlot Games
05/07/2006  21:18  <DIR>  PLAYFI~1     PlayFirst
25/08/2006  21:46  <DIR>  SSSCAN~1     SSScanAppDataDir
25/08/2006  21:46  <DIR>  SSSCAN~2     SSScanWizard
28/08/2006  19:26  <DIR>  WINDOW~1     Windows Genuine Advantage
19/09/2006  19:07  <DIR>  CANONBJ      CanonBJ
21/09/2006  18:17  <DIR>  APPLEC~1     Apple Computer
18/10/2006  19:48  <DIR>  NTIDVD~1     NtiDvdCopy
30/10/2006  12:49  <DIR>  AVERY        Avery
02/02/2007  21:29  <DIR>               TEMP
03/05/2007  18:08  <DIR>  INTRAK~1     Intra knob for aim
03/05/2007  18:09  <DIR>  MESSEN~1     Messenger Plus!
20/05/2007  19:24  <DIR>  SCANSOFT     ScanSoft
03/08/2007  17:15  <DIR>  LONGSL~1     Long slow road itch
03/08/2007  17:16  <DIR>  16NEWP~1     16 new ping long
02/09/2007  17:37  <DIR>  APPLE        Apple
29/09/2007  09:21  <DIR>  ADOBE        Adobe
20/10/2007  16:08  <DIR>  SURFRI~1     SurfRight
29/10/2007  13:46  <DIR>  UBISOFT      Ubisoft
07/11/2007  21:49  <DIR>  SPYBOT~1     Spybot - Search & Destroy
07/11/2007  21:52  <DIR>  GOOGLE       Google
07/11/2007  23:17  <DIR>  PREVX        Prevx
               0 bestand(en)  0 bytes
              26 map(pen)  4.627.300.352 bytes beschikbaar
--------------------------------------------------------
  • Start HijackThis, choose 'Do a system scan only' and tick the lines below:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\iso cast.exe
    O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\charlie\APPLIC~1\ELSEPL~1\AXISNEW.exe
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O20 - AppInit_DLLs: C:\WINDOWS\system32\rlai.dll
    O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll (file missing)

    Now close all open windows except HijackThis and click Fix Checked.

    Open Notepad, then copy and paste the following text into an empty window:

    Folder::
    C:\Documents and Settings\charlie\Application Data\Else plus
    C:\Documents and Settings\All Users\Application Data\Long slow road itch
    C:\Documents and Settings\All Users\Application Data\Intra knob for aim
    C:\Documents and Settings\All Users\Application Data\new ping long
    File::
    C:\WINDOWS\system32\rlai.dll

    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt into ComboFix.exe as shown in the example below:
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart. Reboot if you are asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Good luck!
    Pim
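As an added illustration (not part of Pim's post and not HijackThis's own logic), the sketch below parses HijackThis entries and applies a few triage heuristics that are assumptions of this example: orphaned targets, a non-empty AppInit_DLLs value, Run entries launching from Application Data, and DPF entries without a source. The sample lines are copied from the logs in this thread; R0/R1 URL entries are not scored because they need reputation data.

```python
import re

# Sample entries copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\iso cast.exe
O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\charlie\APPLIC~1\ELSEPL~1\AXISNEW.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O20 - AppInit_DLLs: C:\WINDOWS\system32\rlai.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# "O4 - rest of entry": section code, separator, entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Long name or 8.3 short name of the Application Data folder on Windows XP.
APPDATA_RE = re.compile(r"\\(?:application data|applic~\d)\\", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, body) pairs for every entry line in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def reasons_for(section, body):
    """Apply the example's triage heuristics (assumptions, not HijackThis rules)."""
    reasons = []
    lowered = body.lower()
    # HijackThis itself appends these markers when the target is gone.
    if lowered.endswith(("(no file)", "(file missing)")):
        reasons.append("orphaned: registered target file is absent")
    # A DLL named in AppInit_DLLs is loaded into every process that loads user32.dll.
    if section == "O20" and lowered.startswith("appinit_dlls:"):
        if body.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs is set: DLL injected into user32 processes")
    # Autostart entries normally live under Program Files or WINDOWS.
    if section == "O4" and APPDATA_RE.search(body):
        reasons.append("autostart launches from an Application Data folder")
    # A DPF (ActiveX) entry normally names the URL it was installed from.
    if section == "O16" and body.rstrip().endswith("-"):
        reasons.append("ActiveX (DPF) entry without a download source")
    return reasons


def triage(log_text):
    """Return (section, body, reasons) for every entry worth a manual look."""
    flagged = []
    for section, body in parse_entries(log_text):
        reasons = reasons_for(section, body)
        if reasons:
            flagged.append((section, body, reasons))
    return flagged


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section} - {body}")
        for reason in reasons:
            print(f"    -> {reason}")
```

A flagged entry is a candidate for review, not a verdict; unflagged entries still need the usual vendor and path checks.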
  • Thanks again. In the meantime the CiD popup turned out to be back already... Here are the requested logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:51, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\MAGENTIC\bin\MgApp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Antiy Auto Update] C:\Program Files\Antiy Labs\Alive\AliveCenter0.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\MAGENTIC\bin\Magentic.exe /c
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bw+0 - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E9227E1C-12AB-40C9-8F12-79FAD0AD7689} - C:\Program Files\Logitech\Desktop 
And ComboFix...
  • By the way, if everything looks fine now, what else can I do to prevent as much spyware as possible? Right now I have TeaTimer from Spybot S&D turned on. Or apparently Windows Defender does a good job too? I do know that true real-time protection against spyware doesn't exist, but otherwise I'll be cleaning that laptop again within a month...
  • Hi Juul,
    First we are going to make your PC completely malware-free, and after that we will check your security :)
    Spybot's TeaTimer is active; it can interfere with the fix, so we will switch it off temporarily.
    - Start Spybot
    - Go to Mode > select Advanced Mode
    - Go to Tools and click the Resident icon in the list
    - Remove the check mark next to Resident TeaTimer and click OK
    - Restart the computer
    - Then download ResetTeaTimer.bat (http://downloads.subratam.org/ResetTeaTimer.bat) to your Desktop. Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.
    Open Notepad, then copy and paste the following (the text in bold) into an empty window:

    Folder::
    C:\Program Files\Else plus
    C:\deljob
    C:\FOUND.034
    C:\FOUND.033

    File::
    C:\WINDOWS\system32\silc.dat
    C:\WINDOWS\system32\lvci1150.dll

    Save this to your Desktop as CFScript.txt
    Drag CFScript.txt into ComboFix.exe as shown in the example below:
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    This will make ComboFix restart. Reboot if asked to, and post the contents of Combofix.txt in your next reply.
    Pim
  • Thanks again. ComboFix log:
  • Overlooked one more little thing :oops:
    Open Notepad, then copy and paste the following (the text in bold) into an empty window:

    File::
    C:\WINDOWS\system32\rlph.dll

    Save this to your Desktop as CFScript.txt
    Drag CFScript.txt into ComboFix.exe as shown in the example below:
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    This will make ComboFix restart. Reboot if asked to, and post the contents of Combofix.txt in your next reply.
    How are your problems doing?
    Pim
  • Thanks!! No (visible) problems anymore. :D Now to make sure it stays that way... Should TeaTimer be turned back on now? Or other software? I'm not doing anything myself for now, I'll wait for your advice :lol: And here is the ComboFix log:
  • Good to hear your problems are solved, Juul :)
    As for security, I see you have NOD32 as your virus scanner, which is a fine scanner, and Spybot's TeaTimer is a fine addition to it. However, you also mention Windows Defender, which I don't see anywhere in your log file. I would not install it, though, because it can then conflict with Spybot's TeaTimer.
    Conclusion: you are well protected :)
    I do recommend that you read through these security tips, though:
    http://users.telenet.be/marcvn/spyware/1564073.htm
    http://users.telenet.be/bluepatchy/miekiemoes/preventie.html
    Pim
  • Thanks a lot!!!! The laptop runs a good deal faster now. I hope it stays that way for a long time...