Question & Answer
Log Hijack
17 replies
- I am having problems with my connection to a home network and as a result can no longer get on the web either. This message comes from another computer, which does get on the network. I suspect that my desktop is being blocked. That is already apparent at startup. The Windows startup procedure cannot be completed. It is presumably a virus. Below is a Hijack log, from which hopefully more will become clear. Would someone be willing to take a look at it?
Logfile of HijackThis v1.98.2
Scan saved at 14:14:42, on 26-10-2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\TaskBar\CTLTray.exe
C:\Program Files\Creative\TaskBar\CTLTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Documents and Settings\Piet\Bureaublad\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adapter Utility.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\srvdll.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\srvdll.dll
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch/richtplan3d/pages/plugin/gvista30161.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
- Sorry, old version of HJT; please make a new one via this link and throw the old version away.
http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=765174#765174
- Done
Logfile of HijackThis v1.99.1
Scan saved at 17:13, on 06-10-26
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\TaskBar\CTLTray.exe
C:\Program Files\Creative\TaskBar\CTLTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\Piet\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adapter Utility.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\srvdll.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\srvdll.dll
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch/richtplan3d/pages/plugin/gvista30161.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
- Hi,
Is there a reason why you don't have Windows up to date, not even SP1? That is asking for trouble, and actually it is strange that there isn't more junk in it, because your system is as leaky as a sieve, having missed so many updates.
OK, the fix.
Start HJT again and do a system scan only, tick the line below, close all windows except HJT and then click fix checked.
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
Start your Explorer and search for the file shown in bold below.
C:\WINDOWS\System32\angelex.exe if you find it, delete it.
Open a Notepad file and copy the bold text below into that Notepad file:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ISEXENG]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ISEXEng]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISEXENG]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ISEXEng]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ISEXENG]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ISEXEng]
Save this on your Desktop as regfix.reg, with the type "all files".
Double-click regfix.reg and allow it to be added to the registry.
Download Combofix to your Desktop.
Double-click Combofix.exe
Follow the instructions, accept the disclaimer by typing "y" or "Y".
While the fix is running, do NOT click in the window, because this will make your PC hang.
When the fix is complete and after the restart, the log combofix.txt will open.
Post this log in your next post together with a new HijackThis log.
NOTE: If your virus scanner reacts with a notification of a script execution, you may ignore this.
Good luck.
Juisterr
- No, there is no special reason. What do you recommend, SP2?
Angelex not found.
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Piet\Bureaublad"
((((((((((((((((((((((((((((((( Files Created from 2006-09-27 to 2006-10-27 ))))))))))))))))))))))))))))))))))
2006-10-21 14:28 53,248 -ra—— C:\WINDOWS\system32\InstMed.exe
2006-10-21 14:28 372,736 –a—— C:\WINDOWS\system32\LVUI2RC.dll
2006-10-21 14:28 22,016 –a—— C:\WINDOWS\system32\drivers\LVUSBSta.sys
2006-10-21 14:28 204,800 –a—— C:\WINDOWS\system32\LVUI2.dll
2006-10-21 14:28 204,800 –a—— C:\WINDOWS\system32\lvcodec2.dll
2006-10-21 14:28 2,180,096 –a—— C:\WINDOWS\system32\drivers\lvsvf2.sys
2006-10-21 14:28 106,496 –a—— C:\WINDOWS\system32\lvcoinst.dll
2006-10-21 14:28 1,317,152 –a—— C:\WINDOWS\system32\drivers\lvcm.sys
2006-10-21 14:27 89,088 –a—— C:\WINDOWS\system32\atl71.dll
2006-10-21 14:27 65,536 –a—— C:\WINDOWS\system32\MFC71DEU.DLL
2006-10-21 14:27 61,440 –a—— C:\WINDOWS\system32\MFC71ITA.DLL
2006-10-21 14:27 61,440 –a—— C:\WINDOWS\system32\MFC71ESP.DLL
2006-10-21 14:27 57,344 –a—— C:\WINDOWS\system32\MFC71ENU.DLL
2006-10-21 14:27 499,712 –a—— C:\WINDOWS\system32\msvcp71.dll
2006-10-21 14:27 49,152 –a—— C:\WINDOWS\system32\MFC71KOR.DLL
2006-10-21 14:27 49,152 –a—— C:\WINDOWS\system32\MFC71JPN.DLL
2006-10-21 14:27 45,056 –a—— C:\WINDOWS\system32\MFC71CHT.DLL
2006-10-21 14:27 40,960 –a—— C:\WINDOWS\system32\MFC71CHS.DLL
2006-10-21 14:27 348,160 –a—— C:\WINDOWS\system32\msvcr71.dll
2006-10-21 14:27 1,060,864 –a—— C:\WINDOWS\system32\MFC71.dll
2006-10-21 14:27 1,047,552 –a—— C:\WINDOWS\system32\MFC71u.dll
2006-10-21 12:05 8,192 –a—— C:\WINDOWS\system32\tsbyuv.dll
2006-10-21 12:05 50,176 –a—— C:\WINDOWS\system32\vfwwdm32.dll
2006-10-21 12:05 45,568 –a—— C:\WINDOWS\system32\iyuv_32.dll
2006-10-19 15:35 81,920 –a—— C:\WINDOWS\system32\VM305Sti.dll
2006-10-19 15:35 61,440 –a—— C:\WINDOWS\VM305_STI.exe
2006-10-19 15:35 53,248 –a—— C:\WINDOWS\Sti305.exe
2006-10-19 15:35 49,152 –a—— C:\WINDOWS\amcap.exe
2006-10-19 15:35 392,316 –a—— C:\WINDOWS\system32\drivers\usbVM305.sys
2006-10-19 15:35 307,200 –a—— C:\WINDOWS\vidcap32.Exe
2006-10-19 15:35 114,688 –a—— C:\WINDOWS\VM305Cap.exe
2006-10-15 13:01 69,632 –a—— C:\WINDOWS\system32\SrvDll.dll
2006-10-15 13:01 53,248 –a—— C:\WINDOWS\system32\appstart.exe
2006-10-15 13:01 10,240 –a—— C:\WINDOWS\system32\sporder.Dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-26 19:46 ——– d-a—— C:\Program Files\Common Files
2006-10-26 16:10 ——– d——– C:\Program Files\Windows Media Player
2006-10-25 19:36 ——– d——– C:\Program Files\Vimicro
2006-10-23 20:25 ——– d——– C:\Program Files\Winamp
2006-10-21 14:28 ——– d——– C:\Program Files\Common Files\Logitech
2006-10-21 14:27 ——– d–h—– C:\Program Files\InstallShield Installation Information
2006-10-21 14:26 ——– d——– C:\Program Files\Logitech
2006-10-20 23:31 ——– d——– C:\Program Files\Zylom Games
2006-10-14 20:50 ——– d——– C:\Documents and Settings\Piet\Application Data\ppStream
2006-10-12 18:44 ——– d——– C:\Program Files\Internet Explorer
2006-10-04 20:27 ——– d-a—— C:\Documents and Settings\Piet\Application Data\SopCast
2006-09-30 18:31 ——– d——– C:\Program Files\FlashFXP
2006-08-31 17:06 1957888 –a—— C:\WINDOWS\system32\Tropix.scr
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"NOMAD Detector"="\"C:\\Program Files\\Creative\\SBAudigy\\PlayCenter2\\CTNMRun.exe\""
"TaskTray"="\"C:\\Program Files\\Creative\\TaskBar\\CTLTray.exe\""
"TaskBar"="\"C:\\Program Files\\Creative\\TaskBar\\CTLTask.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTStartup"="C:\\Program Files\\Creative\\SBAudigy\\Program\\CTEaxSpl.EXE /run"
"CTHelper"="CTHELPER.EXE"
"NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"TotalRecorderScheduler"="\"C:\\Program Files\\HighCriteria\\TotalRecorder\\TotRecSched.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"Logitech Utility"="Logi_MwX.Exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
@=""
"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\CTStartup]
"CTStartup"="\"C:\\Program Files\\Creative\\SBAudigy\\Program\\CTEaxSpl.EXE\" EAX.AVI"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000000
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,86,01,00,00,00,00,00,00,7a,02,00,00,c8,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,c8,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,c8,02,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:5f,00,00,00
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Mijn computer scannen.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-10-27 13:13:02.15
C:\ComboFix.txt … 06-10-27 13:13
C:\ComboFix2.txt … 06-10-26 22:45
C:\ComboFix3.txt … 06-10-26 16:30
Logfile of HijackThis v1.99.1
Scan saved at 13:14:20, on 27-10-2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\TaskBar\CTLTray.exe
C:\Program Files\Creative\TaskBar\CTLTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Piet\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adapter Utility.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\srvdll.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\srvdll.dll
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch/richtplan3d/pages/plugin/gvista30161.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
- The problem has not been solved yet. I do see the CPU at 75%. Beyond that I cannot find anything.
- Does anyone have another suggestion, or am I being very impatient now?
- PSchenderling wrote: "Does anyone have another suggestion, or am I being very impatient now?"
The answer is only a day old, so yes, impatient; we are only volunteers with regular jobs too.
http://www.cexx.org/lspfix.zip
Download LspFix
Start the program.
Tick the box next to "I know what I am doing".
Make sure that all of the following files (and no others) are in the right-hand window (the remove window):
srvdll.dll
Click Finish
Download to your Desktop:
* Double-click drweb-cureit.exe and click Update.
* After the update a new icon, "CureIt.exe", appears on your desktop. Double-click it, click Scan, and allow it to start the express scan.
* This scans the files currently loaded in memory; when something is found, click the "Yes to all" button at the 'cure it?' prompt. This is only a short scan.
* Once the short scan has finished, you can select the drives you want to scan.
* Select "all drives" here. A red dot will then appear on the drives you are having scanned.
* Then click the green arrow on the right to start the scan.
* Click "Yes to all" when asked to perform cure or move.
* When the scan has finished, check whether you can click the icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
* If so, click it, then click the icon just below it and select "Move incurable", as shown here:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This moves the files found to the "%userprofile%\DoctorWeb\quarantaine" folder if repair is not possible.
* After the scan is done, click "File" in the menu at the top and choose "Save report List". Save it to your Desktop.
* Then close Dr.Web Cureit.
* Restart your computer!! Important step, because Dr.Web Cureit may move/delete files during the restart.
* After restarting, copy and paste the contents of the log you saved earlier into your next post.
Ignore pop-ups about Buy or a 50% discount.
Please post a new HJT log and the Dr.Web log.
Good luck
J
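The steps above end with a request for a fresh HijackThis log, which then has to be checked against the earlier one. The following is an added example (not part of the original post, and not code from HijackThis, LSPFix or Dr.Web) that parses two logs, reports which entries disappeared or appeared, and lists the entries HijackThis itself annotated; the function names and the shortened sample logs, built from lines on this page, are assumptions of the example.

```python
import re
from collections import Counter

# A HijackThis entry line starts with a section code such as R0, O4, O10, O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Annotations HijackThis writes into the log itself. They are hints for
# manual review, not verdicts.
REVIEW_MARKERS = (
    ("Unknown file in Winsock LSP", "LSP chain contains a DLL HijackThis does not recognise"),
    ("(file missing)", "registry entry points at a file that no longer exists"),
    ("Unknown owner", "service binary carries no company name"),
)

# Constructed sample input: shortened excerpts in the format of the logs above.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 13:14:20, on 27-10-2006
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\srvdll.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\srvdll.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 19:38:13, on 28-10-2006
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
"""


def parse_log(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            # The first entry line ends the "Running processes" block.
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
        # Anything else is header text (version, scan time, platform).
    return {"processes": processes, "entries": entries}


def diff_logs(before, after):
    """Return (removed, added) as Counters so duplicated lines are counted."""
    old = Counter(parse_log(before)["entries"])
    new = Counter(parse_log(after)["entries"])
    return old - new, new - old


def review_hints(text):
    """List (code, body, reason) for entries carrying a HijackThis annotation."""
    hints = []
    for code, body in parse_log(text)["entries"]:
        for marker, reason in REVIEW_MARKERS:
            if marker in body:
                hints.append((code, body, reason))
    return hints


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for (code, body), count in removed.items():
        print(f"gone  x{count}: {code} - {body}")
    for (code, body), count in added.items():
        print(f"new   x{count}: {code} - {body}")
    for code, body, reason in review_hints(LOG_AFTER):
        print(f"check: {code} - {body}\n       ({reason})")
```

An entry that is gone from the log only shows that the registry reference was removed; whether the file itself was cleaned is what the scanner report answers.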
- I understand: a labour of love. It is great that there are people who give up their free time to help others. I had taken a day off yesterday to tackle the problems, hence.
Unbelievable how much junk there is on my machine. The PC now boots all the way through, but there is still no connection to the internet.
Here are the logs
apropos.exe C:\Documents and Settings\Elize\Application Data Trojan.AproposAd Deleted.
Tick Soft.exe C:\Documents and Settings\Elize\Application Data\Kind Ping That Trojan.Swizzor Deleted.
1c152d.exe C:\Documents and Settings\Elize\Local Settings\Temp Trojan.Swizzor Deleted.
40c1e3.exe C:\Documents and Settings\Elize\Local Settings\Temp Trojan.Swizzor Deleted.
bb.exe C:\Documents and Settings\Elize\Local Settings\Temp Adware.BargainBuddy Incurable.Moved.
bis35.exe C:\Documents and Settings\Elize\Local Settings\Temp Trojan.Swizzor Deleted.
dfiTempA.exe C:\Documents and Settings\Elize\Local Settings\Temp Dialer.Xs Deleted.
iinstall.exe C:\Documents and Settings\Elize\Local Settings\Temp Trojan.Isbar.107 Deleted.
powerscan.exe C:\Documents and Settings\Elize\Local Settings\Temp Adware.PowerScan Incurable.Moved.
rebootnt.exe C:\Documents and Settings\Elize\Local Settings\Temp\~vis0000 Tool.Reboot Incurable.Moved.
hotbar.exe C:\Documents and Settings\Elize\Mijn documenten Adware.Hotbar Incurable.Moved.
cln13.tmp C:\Documents and Settings\Richard\Local Settings\Temp Trojan.Dyfuca Deleted.
cln7E.tmp C:\Documents and Settings\Richard\Local Settings\Temp Trojan.Dyfuca Deleted.
fqctbiG.exe C:\Documents and Settings\Richard\Local Settings\Temp Trojan.Isbar Deleted.
optimize.exe C:\Documents and Settings\Richard\Local Settings\Temp Trojan.Dyfuca Deleted.
rebootnt.exe C:\Documents and Settings\Richard\Local Settings\Temp\~vis0000 Tool.Reboot Incurable.Moved.
rebootnt.exe C:\Documents and Settings\Richard\Local Settings\Temp\~vis0001 Tool.Reboot Incurable.Moved.
6 Burn.wma C:\My Shared Folder Trojan.DownLoader.1729 Deleted.
Confessions - Usher - 6 - Burn.wma C:\My Shared Folder Trojan.DownLoader.1729 Deleted.
uninst.exe C:\Program Files\Adverts Trojan.LopAd Deleted.
mindset.exe C:\Program Files\ddm\361 Trojan.MulDrop.749 Deleted.
optimize.exe C:\Program Files\ddm\361 Trojan.Dyfuca Deleted.
mirc.exe C:\Program Files\mIRC Program.mIRC.61 Incurable.Moved.
Dc7.exe C:\RECYCLER\S-1-5-21-583907252-706699826-682003330-1005 Dialer.Xs Deleted.
A0207799.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1036 Adware.PestTrap Incurable.Moved.
A0208507.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1040 Adware.PestTrap Incurable.Moved.
A0208590.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1040 Trojan.AproposAd Deleted.
A0208591.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1040 Trojan.Swizzor Deleted.
A0208592.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1040 Trojan.LopAd Deleted.
A0208593.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1040 Trojan.MulDrop.749 Deleted.
A0208594.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1040 Trojan.Dyfuca Deleted.
A0208595.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1040 Dialer.Xs Deleted.
A0203432.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP973 Adware.Hotbar Incurable.Moved.
A0203433.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP973 Adware.Hotbar Incurable.Moved.
A0203436.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP973 Adware.Hotbar Incurable.Moved.
A0203438.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP973 Adware.Hotbar Incurable.Moved.
A0203439.dll C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP973 Adware.Hotbar Incurable.Moved.
A0203440.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP973 Adware.Hotbar Incurable.Moved.
A0203441.dll C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP973 Adware.Hotbar Incurable.Moved.
A0203442.dll C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP973 Adware.Hotbar Incurable.Moved.
A0203482.dll C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP973 Adware.Hotbar Incurable.Moved.
A0204732.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP979 Trojan.LopAd Deleted.
A0204963.dll C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP984 Trojan.Inject.130 Deleted.
A0205001.dll C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP984 Trojan.Inject.130 Deleted.
A0205010.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP984 Adware.Msearch Incurable.Moved.
A0205015.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP984 Adware.Msearch Incurable.Moved.
A0205017.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP984 Trojan.DownLoader.12314 Incurable.Moved.
A0205018.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP984 Trojan.DownLoader.12321 Incurable.Moved.
A0205056.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 Trojan.DownLoader.12321 Incurable.Moved.
A0205057.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 Trojan.DownLoader.12314 Incurable.Moved.
A0205059.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 Adware.Msearch Incurable.Moved.
A0205064.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 Adware.Msearch Incurable.Moved.
A0205070.dll C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 Trojan.Inject.130 Deleted.
A0205079.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 Trojan.DownLoader.12321 Incurable.Moved.
A0205084.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 Trojan.PWS.Gamania Deleted.
A0205085.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 BackDoor.Generic.1400 Deleted.
A0205086.com C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 BackDoor.Generic.1400 Deleted.
A0205087.com C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 BackDoor.Generic.1400 Deleted.
A0205088.COM C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 BackDoor.Generic.1400 Deleted.
A0205089.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 BackDoor.Generic.1400 Deleted.
A0205090.com C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 BackDoor.Generic.1400 Deleted.
A0205091.com C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 BackDoor.Generic.1400 Deleted.
A0205092.pif C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 BackDoor.Generic.1400 Deleted.
A0205093.com C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 BackDoor.Generic.1400 Deleted.
A0205094.pif C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 BackDoor.Generic.1400 Deleted.
A0205095.com C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 BackDoor.Generic.1400 Deleted.
A0205096.com C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 BackDoor.Generic.1400 Deleted.
A0205097.com C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 BackDoor.Generic.1400 Deleted.
A0205098.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 Trojan.DownLoader.12314 Incurable.Moved.
A0205099.EXE C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 BackDoor.Generic.1400 Deleted.
A0205100.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 Trojan.DownLoader.11977 Deleted.
A0205101.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 BackDoor.Generic.1400 Deleted.
A0205102.exe C:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP985 Trojan.DownLoader.10275 Incurable.Moved.
HbInstIE.dll C:\WINDOWS\Downloaded Program Files Adware.Hotbar Incurable.Moved.
HbInstIE.dll C:\WINDOWS\Downloaded Program Files\CONFLICT.1 Adware.Hotbar Incurable.Moved.
exul1.exe C:\WINDOWS\system32 Adware.Exact Incurable.Moved.
SrvDll.dll C:\WINDOWS\system32 Trojan.DownLoader.13539 Will be cured after reboot.
SWRT01.dll C:\WINDOWS\system32 Adware.AdDestroyer Incurable.Moved.
Xcite.dll C:\WINDOWS\system32 Adware.MyWay Incurable.Moved.
Xcite.exe C:\WINDOWS\system32 Trojan.MulDrop.2545 Incurable.Moved.
plg_ie0.dll F:\WINDOWS\Application Data Trojan.LopAd Deleted.
stngleaqco.dll F:\WINDOWS\Application Data Trojan.LopAd Deleted.
mp3_plugin.exe F:\WINDOWS\Downloaded Program Files Trojan.LopAd Deleted.
DietKaza.exe F:\Program Files\Skidmonk\Diet Kaza Probably BACKDOOR.Trojan Incurable.Moved.
Setup.exe F:\Program Files\Skyline\TerraExplorer Probably DLOADER.Trojan Incurable.Moved.
SponsorSetup.exe F:\Program Files\Messenger Plus! 2 Trojan.Swizzor Deleted.
mirc.exe F:\Program Files\mIRC Program.mIRC.603 Incurable.Moved.
A0207804.dll F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1036 Adware.Cydoor Incurable.Moved.
A0207805.dll F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1036 Adware.Cydoor Incurable.Moved.
A0207806.DLL F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1036 Tool.Hatkeys Incurable.Moved.
A0207808.exe\data002 F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1036\A0207808.exe Trojan.LopAd
A0207808.exe F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1036 Archive contains infected objects Moved.
A0207809.exe\data002 F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1036\A0207809.exe Trojan.LopAd
A0207809.exe F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1036 Archive contains infected objects Moved.
A0207810.dll F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1036 Adware.Altnet Incurable.Moved.
A0208570.dll F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1040 Adware.Cydoor Incurable.Moved.
A0208571.dll F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1040 Adware.Cydoor Incurable.Moved.
A0208572.DLL F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1040 Tool.Hatkeys Incurable.Moved.
A0208574.exe\data002 F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1040\A0208574.exe Trojan.LopAd
A0208574.exe F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1040 Archive contains infected objects Moved.
A0208575.exe\data002 F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1040\A0208575.exe Trojan.LopAd
A0208575.exe F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1040 Archive contains infected objects Moved.
A0208576.dll F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1040 Adware.Altnet
A0208597.dll F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1040 Trojan.LopAd Deleted.
A0208598.dll F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1040 Trojan.LopAd Deleted.
A0208599.exe F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1040 Trojan.LopAd Deleted.
A0208600.exe F:\System Volume Information\_restore{7530CDFB-FCE4-4215-A1FE-8BD40FC04B59}\RP1040 Trojan.Swizzor Deleted.
Logfile of HijackThis v1.99.1
Scan saved at 19:38:13, on 28-10-2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\TaskBar\CTLTray.exe
C:\Program Files\Creative\TaskBar\CTLTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCLauncher.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Documents and Settings\Piet\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\SBAudigy\PlayCenter2\CTNMRun.exe"
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adapter Utility.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office\OSA9.EXE
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.zugmap.ch/richtplan3d/pages/plugin/gvista30161.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pub.plan.at/mgaxctrlde.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {AE4CEC9D-C836-4579-829B-4C345101B3B9} (GVista Terrain Renderer) - http://www.dilas.ch/plugin/gvista/gvista2709.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Digital Media Adapter Application Loader Service (XWPCApplicationLoaderService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCApplicationLoaderService.exe
O23 - Service: Digital Media Adapter Host Service (XWPCHostService) - Linksys Corporation - C:\Program Files\Linksys Wireless-B Media Adapter\bin\XWPCHostService.exe
- I now have access to the home network, but not yet to the web.
My daughter, on a laptop (wireless connection), has no internet connection either. She gets the message that she is not being assigned a network address, not even after 'Repair connection'. Here is a HijackThis log from her PC:
Logfile of HijackThis v1.99.1
Scan saved at 21:02:44, on 28-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\tsnp2std.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Elize\Bureaublad\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=DW
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://liezisgek.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
- Addendum: my daughter's laptop does not connect to the internet.
- Did you also run the iefix on that PC?
- In the meantime the laptop no longer works. I'll go and search around.
- I was mistaken. IE was working offline at that moment. So the status is unchanged. No connection.
- I have another iefix; give this one a try.
http://users.pandora.be/DeLorean/Downloads/WinsockFix.exe
Instructions for this WinsockFix:
After downloading, click Winsockfix.exe and click "Reg backup";
your current registry is now saved in the "ERDNT" folder.
Then click "Fix"; the Winsockfix Utility then does the following:
1) Checks your Windows version
2) Releases your IP address so that you are offline
3) Resets the TCP stack using Netsh.exe (Windows XP only)
4) Removes the current TCP and Winsock values in the registry
5) New "working" values are put in their place
6) Your current hosts file is backed up
7) A default hosts file is put in place
Restart your PC.
- It now hangs during the startup procedure and continues once the cvshost local service is terminated.