Vraag & Antwoord

Beveiliging & privacy

HijackThis log gaarne voorzien van commentaar aub

Anoniem
M@rc
11 antwoorden
  • Dit is een log van de pc van mijn zus, als beheerder zijnde verder nog 1 gebruiker.
    Allerlei problemen o.a. startpagina, LAN verbinding valt vaak weg en allerlei pop-ups.
    Zelf al bezig geweest met Ad-Aware, Spybot, Ccleaner en RegScrubXP.
    Spybot vond CoolWWWSearch en nog enkele zaken, die hij wel kon verwijderen maar er later toch weer opstonden.
    SWShredder gedraaid doch die gaf aan dat hij niets kon vinden.

    Deze pc staat niet thuis dus ik kan niet onmiddelijk reageren als er reacties zijn. Daarvoor gaarne begrip.
    Ik wacht met spanning af, dus Marc en andere specialisten ……


    Logfile of HijackThis v1.99.0
    Scan saved at 16:10:05, on 27-5-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\system32\drivers\CDAC11BA.EXE
    F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    F:\Program Files\PJ Technologies\GOVsrv\GOVsrv.EXE
    F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Program Files\Norton Internet Security\Norton AntiVirus
    avapsvc.exe
    F:\WINDOWS\System32
    vsvc32.exe
    F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    F:\Program Files\Common Files\Symantec Shared\ccApp.exe
    F:\Program Files\Messenger Plus! 3\MsgPlus.exe
    F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    F:\Program Files\Logitech\ImageStudio\LogiTray.exe
    F:\Program Files\Media Pass\MediaPassK.exe
    F:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    F:\Program Files\Media Pass\MediaPass.exe
    C:\sj666\hpupdate.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    F:\Utilities\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
    O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [LVCOMS] F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [LogitechGalleryRepair] F:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] F:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [Media Pass] F:\Program Files\Media Pass\MediaPassK.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Real Alternative\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [checkrun] F:\windows\system32\elitetcu32.exe
    O4 - HKLM\..\Run: [HP Update 5370C] C:\sj666\hpupdate.exe 5370C+
    O4 - HKLM\..\Run: [DXM6Patch_981116] F:\WINDOWS\p_981116.exe /Q:A
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IncrediMail] F:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = F:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: Alle links in deze pagina openen… - F:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Blokkeer alle plaatjes afkomstig van dezelfde server - F:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Markeren - F:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Toevoegen aan Reclame Black List - F:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Zoeken - F:\Program Files\Avant Browser\Search.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c2.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com
    esources/MsnPUpld.cab
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.borsato.nl/webcam/AxisCamControl.ocx
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
    O16 - DPF: {E3E34A32-3A6A-47CC-B4E3-B8B86715D388} (MBoom Class) - http://pain.gamepoint.net/msn2/2003/ds/sintgame/marsepein/dll/boom.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O23 - Service: Adobe LM Service - Unknown - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - F:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GoverLAN Service - PJ Technologies, Inc. - F:\Program Files\PJ Technologies\GOVsrv\GOVsrv.EXE
    O23 - Service: Macromedia Licensing Service - Unknown - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus
    avapsvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - F:\WINDOWS\System32
    vsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




  • De gegevens van [b:3d61781228]mijn computer [/b:3d61781228]onderaan het bericht kloppen uiteraard niet, dat is van nijn pc thuis.
  • Download en installeer CCleaner.
    Gebruik het programma nog niet.

    Je gebruikt een oudere versie van HijackThis. Best dat je eerst update naar de nieuwste versie.
    Start HijackThis, Ga naar Config - Misc tools - Check for update online. Download de nieuwste versie, unzip het en plaats het in een eigen map (vb c:\hijackthis).
    (De nieuwste versie van HijackThis kan je ook hier downloaden).

    Zorg ervoor dat alle verborgen bestanden en mappen weergegeven worden.Hoe verborgen bestanden en mappen weergeven..

    Je hebt Messengerplus geïnstalleerd met Sponsors. Hierdoor is de computer geïnfecteerd met LOP.
    Ga naar Configuratiescherm - Software - Programma's wijzigen en verwijderen. Deïnstalleer Messenger plus. (Later kan je deze terug installeren, maar kies dan voor een installatie zonder sponsors.)
    Tijdens het deïnstallatieprocess wordt er gevraagd om een securitycode in te geven.

    Download LQfix.zip
    Unzip het en plaats het op je bureaublad.
    Gebruik het nog niet.

    Start de computer in veilige modus.

    Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items:

    [b:cdbd9af18c]O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
    O4 - HKLM\..\Run: [Media Pass] F:\Program Files\Media Pass\MediaPassK.exe
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c2.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
    O20 - AppInit_DLLs: MsgPlusLoader.dll[/b:cdbd9af18c]

    Klik daarna op "Fix checked" en sluit HijackThis af.

    Zoek op het bureaublad naar Lqfix.bat. Dubbelklik erop om het te starten.

    Zoek via Windows verkenner naar volgende bestanden of mappen, en verwijder deze indien ze nog aanwezig zijn:

    F:\Program Files\Media Pass

    Start Ccleaner en klik op de knop "Opschonen".
    Herstart de computer in normale modus.

    Start HijackThis opnieuw, maak een nieuwe log en post deze.

    Open een klablokbestand.
    Kopieer onderstaande code in dit kladblokbestand.
    Ga naar Bestand - Opslaan als.
    Bij "Opslaan in" kies je: Bureaublad
    Bij "Bestandsnaam" zet je: vindjob.bat
    Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
    Klik op de knop Opslaan.
    [code:1:cdbd9af18c]dir %Windir%\tasks /a:h > files.txt
    notepad files.txt[/code:1:cdbd9af18c]
    Dubbelklik op vindjob.bat.
    Er opent een kladblokbestand. Post de inhoud van dit kladblokbestand.
  • Marc alvast bedankt voor je reacties en aanwijzingen.
    Zaterdagmorgen ga ik weer naar m'n zus en zal dan je raadgevingen opvolgen.
    Ccleaner had ik overigens al uitgevoerd en veel files (284) verwijderd.
    Nogmaals, morgen kom ik terug met een nieuwe log en het kladblokbestand.
  • Marc, in je antwoord heb je het over het volgende:
    [i:18a8efb59c]"Tijdens het deïnstallatieprocess wordt er gevraagd om een securitycode in te geven".[/i:18a8efb59c]
    Omdat ik zelf geen MSN gebruik weet ik niet wat die code inhoud.
    Gaarne even een reactie a.u.b.
  • Die code zie je verschijnen. (is een cijfercode)
    http://www.msgplus.net/images/sponsor_uninstall.jpg
  • Marc hierbij het resutaat.

    Bij het verwijderen van MSN werd niet gevraagd on een code in te voeren.
    In Verkenner F:\Program Files\ Media Pass kunnen verwijderen.
    Bij het verwijderen in Software van MSN Messenger plus kwam ik ook tegen Media Pass. Ik heb deze nog niet verwijderd, moet dit wel? Omdat ik regel O4, waarin Media Pass ook voorkomt, wel moest fixen in HijackThis.
    Regel O20 kwam ik in de nieuwe scan niet meer tegen.

    Is alles nu weg?

    Omdat het mooi weer is zul je wel niet achter de pc zitten en zelf ga ik er ook even tussen uit.
    Thuis zie ik wel je reactie en ga dan morgen wel weer naar m´n zus.

    Voorlopig alvast hartelijk dank!!!!

    De volumenaam van station F is NIEUWE SCHIJF
    Het volumenummer is 1025-4C27

    Map van F:\WINDOWS\tasks

    07-09-2001 14:00 65 desktop.ini
    28-05-2005 12:30 6 SA.DAT
    2 bestand(en) 71 bytes
    0 map(pen) 57.462.472.704 bytes beschikbaar


    Logfile of HijackThis v1.99.1
    Scan saved at 12:24:18, on 28-5-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\Explorer.EXE
    F:\Utilities\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [LVCOMS] F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [LogitechGalleryRepair] F:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] F:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Real Alternative\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Update 5370C] C:\sj666\hpupdate.exe 5370C+
    O4 - HKLM\..\Run: [DXM6Patch_981116] F:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [salm] f:\temp\salm.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "F:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [Media Access] F:\Program Files\Media Access\MediaAccK.exe
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IncrediMail] F:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = F:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: Alle links in deze pagina openen… - F:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Blokkeer alle plaatjes afkomstig van dezelfde server - F:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Markeren - F:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Toevoegen aan Reclame Black List - F:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Zoeken - F:\Program Files\Avant Browser\Search.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com
    esources/MsnPUpld.cab
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.borsato.nl/webcam/AxisCamControl.ocx
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
    O16 - DPF: {E3E34A32-3A6A-47CC-B4E3-B8B86715D388} (MBoom Class) - http://pain.gamepoint.net/msn2/2003/ds/sintgame/marsepein/dll/boom.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
    O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - F:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GoverLAN Service (GOVsrv) - PJ Technologies, Inc. - F:\Program Files\PJ Technologies\GOVsrv\GOVsrv.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus
    avapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32
    vsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


  • Dit logje is in veilige modus genomen.
    Maak een logje in gewone modus en post het.

    Internet optimizer en MediaAcces mag je deïnstalleren.
  • Marc hier het nieuwe logje in normale modus.

    Media Acces heb ik in Software verwijderd, Internet Optimizer kon niet worden verwijderd. Ik kon blijven klikken op verwijderen maar er gebeurde niets.

    Logfile of HijackThis v1.99.1
    Scan saved at 17:11:25, on 28-5-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\system32\drivers\CDAC11BA.EXE
    F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    F:\Program Files\PJ Technologies\GOVsrv\GOVsrv.EXE
    F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Program Files\Norton Internet Security\Norton AntiVirus
    avapsvc.exe
    F:\WINDOWS\System32
    vsvc32.exe
    F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Common Files\Symantec Shared\ccApp.exe
    F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    F:\Program Files\Logitech\ImageStudio\LogiTray.exe
    F:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\sj666\hpupdate.exe
    F:\temp\salm.exe
    F:\Program Files\Internet Optimizer\optimize.exe
    F:\Program Files\MessengerPlus! 3\MsgPlus.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    F:\Utilities\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [LVCOMS] F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [LogitechGalleryRepair] F:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] F:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Real Alternative\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Update 5370C] C:\sj666\hpupdate.exe 5370C+
    O4 - HKLM\..\Run: [DXM6Patch_981116] F:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [salm] f:\temp\salm.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "F:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IncrediMail] F:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = F:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: Alle links in deze pagina openen… - F:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Blokkeer alle plaatjes afkomstig van dezelfde server - F:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Markeren - F:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Toevoegen aan Reclame Black List - F:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Zoeken - F:\Program Files\Avant Browser\Search.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com
    esources/MsnPUpld.cab
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.borsato.nl/webcam/AxisCamControl.ocx
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
    O16 - DPF: {E3E34A32-3A6A-47CC-B4E3-B8B86715D388} (MBoom Class) - http://pain.gamepoint.net/msn2/2003/ds/sintgame/marsepein/dll/boom.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
    O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - F:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GoverLAN Service (GOVsrv) - PJ Technologies, Inc. - F:\Program Files\PJ Technologies\GOVsrv\GOVsrv.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus
    avapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32
    vsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Ik kan nu pas maandagavond weer iets doen als dat nog nodig is.
    Thuis kan ik natuurlijk wel eerder een reactie lezen.

    En weer bedankt, klasse!




  • Download en installeer CCleaner.
    Gebruik het programma nog niet.

    Zorg ervoor dat alle verborgen bestanden en mappen weergegeven worden.Hoe verborgen bestanden en mappen weergeven..

    Start de computer in veilige modus.

    Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items:

    [b:d4808168b7]O4 - HKLM\..\Run: [salm] f:\temp\salm.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "F:\Program Files\Internet Optimizer\optimize.exe"[/b:d4808168b7]

    Klik daarna op "Fix checked" en sluit HijackThis af.


    Zoek via Windows verkenner naar volgende bestanden of mappen, en verwijder deze indien ze nog aanwezig zijn:

    F:\Program Files\Internet Optimizer
    F:\temp\salm.exe

    Start Ccleaner en klik op de knop "Opschonen".
    Herstart de computer in normale modus.

    Start HijackThis opnieuw, maak een nieuwe log en post deze.
  • Marc, hier de nieuwe log.

    Ik kom niet meer in veilige modus, zowel niet met F8 als met safeboot.
    Ik heb diverse malen achter elkaar op F8 gedrukt maar Windows starte gewoon normaal op. Weet je een oplossing?
    In configsys heb ik overigens geen safeboot. Ik heb alleen maar:
    Algemeen/System.ini/Win.ini/Services en Opstarten.

    In normale modus heb ik nu gefixt en de 2 programma´s in verkenner kunnen deleten.

    Logfile of HijackThis v1.99.1
    Scan saved at 18:09:40, on 28-5-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    F:\Program Files\MessengerPlus! 3\MsgPlus.exe
    F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    F:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\sj666\hpupdate.exe
    F:\Program Files\Common Files\Symantec Shared\ccApp.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    F:\WINDOWS\system32\drivers\CDAC11BA.EXE
    F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    F:\Program Files\PJ Technologies\GOVsrv\GOVsrv.EXE
    F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    F:\Program Files\Norton Internet Security\Norton AntiVirus
    avapsvc.exe
    F:\WINDOWS\System32
    vsvc32.exe
    F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    F:\Utilities\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Real Alternative\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [LVCOMS] F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechImageStudioTray] F:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] F:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [HP Update 5370C] C:\sj666\hpupdate.exe 5370C+
    O4 - HKLM\..\Run: [DXM6Patch_981116] F:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [IncrediMail] F:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = F:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: Alle links in deze pagina openen… - F:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Blokkeer alle plaatjes afkomstig van dezelfde server - F:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Markeren - F:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Toevoegen aan Reclame Black List - F:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Zoeken - F:\Program Files\Avant Browser\Search.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com
    esources/MsnPUpld.cab
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.borsato.nl/webcam/AxisCamControl.ocx
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
    O16 - DPF: {E3E34A32-3A6A-47CC-B4E3-B8B86715D388} (MBoom Class) - http://pain.gamepoint.net/msn2/2003/ds/sintgame/marsepein/dll/boom.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
    O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - F:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GoverLAN Service (GOVsrv) - PJ Technologies, Inc. - F:\Program Files\PJ Technologies\GOVsrv\GOVsrv.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus
    avapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32
    vsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.

Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord