Volledige versie bekijken : een vervelend viruske



CisseRAFC
16 May 2005, 11:24
de genaamde:

Troj_Lowzones.cz
Troj_Dropper.dt
Troj_Startpag.ox
Troj_Istbar.cs

en ik heb een icoontje van "Click me" op mijn scherm staan

Ik heb het via veilige modus proberen te verwijderen, en er stond dat ik het verwijderd heb, maar met terug op te starten is het er nog, wat kan ik doen, ik heb ook even systeemherstel uitgeschakeld om mijn systeemvolume leeg te maken en daarna terug in geschakeld, ik heb Hitman pro laten draaien, maar heelaas met geen succes:eek:


Aan het laatste heb ik aan jullie gedacht, jullie zijn mijn laatste hoop (http://searchmiracle.com/search/search.php?qq=HOOP) vooraleer ik hem (http://searchmiracle.com/search/search.php?qq=HEM) moet formateren (wat juist een week geleden gebeurd is).

Ik was aan 't chatten met een vriend (zie hier onder)

<B><I>[14:49:12] Stefan " Wij: wie is geeraerts mate<<14:49:12] Stefan " Wij: wie is geeraerts mate<<4:49:12] Stefan " Wij: wie is geeraerts mate<<:49:12] Stefan " Wij: wie is geeraerts mate<<49:12] Stefan " Wij: wie is geeraerts mate<<9:12] Stefan " Wij: wie is geeraerts mate<<:12] Stefan " Wij: wie is geeraerts mate<<12] Stefan " Wij: wie is geeraerts mate<<2] Stefan " Wij: wie is geeraerts mate<<] Stefan " Wij: wie is geeraerts mate<< Stefan " Wij: wie is geeraerts mate<<<14:49:12] Stefan " Wij: wie is geeraerts mate<<14:49:12] Stefan " Wij: wie is geeraerts mate<<4:49:12] Stefan " Wij: wie is geeraerts mate<<:49:12] Stefan " Wij: wie is geeraerts mate<<49:12] Stefan " Wij: wie is geeraerts mate<<9:12] Stefan " Wij: wie is geeraerts mate<<:12] Stefan " Wij: wie is geeraerts mate<<12] Stefan " Wij: wie is geeraerts mate<<2] Stefan " Wij: wie is geeraerts mate<<] Stefan " Wij: wie is geeraerts mate<< Stefan " Wij: wie is geeraerts mate<<<4:49:12] Stefan " Wij: wie is geeraerts mate<<14:49:12] Stefan " Wij: wie is geeraerts mate<<4:49:12] Stefan " Wij: wie is geeraerts mate<<:49:12] Stefan " Wij: wie is geeraerts mate<<49:12] Stefan " Wij: wie is geeraerts mate<<9:12] Stefan " Wij: wie is geeraerts mate<<:12] Stefan " Wij: wie is geeraerts mate<<12] Stefan " Wij: wie is geeraerts mate<<2] Stefan " Wij: wie is geeraerts mate<<] Stefan " Wij: wie is geeraerts mate<< Stefan " Wij: wie is geeraerts mate<<<:49:12] Stefan " Wij: wie is geeraerts mate<<14:49:12] Stefan " Wij: wie is geeraerts mate<<4:49:12] Stefan " Wij: wie is geeraerts mate<<:49:12] Stefan " Wij: wie is geeraerts mate<<49:12] Stefan " Wij: wie is geeraerts mate<<9:12] Stefan " Wij: wie is geeraerts mate<<:12] Stefan " Wij: wie is geeraerts mate<<12] Stefan " Wij: wie is geeraerts mate<<2] Stefan " Wij: wie is geeraerts mate<<] Stefan " Wij: wie is geeraerts mate<< Stefan " Wij: wie is geeraerts mate<<<49:12] Stefan " Wij: wie is geeraerts mate<<14:49:12] Stefan " Wij: wie is geeraerts mate<<4:49:12] Stefan " Wij: wie is geeraerts mate<<:49:12] Stefan " Wij: wie is geeraerts mate<<49:12] Stefan " Wij: wie is geeraerts mate<<9:12] Stefan " Wij: wie is geeraerts mate<<:12] Stefan " Wij: wie is geeraerts mate<<12] Stefan " Wij: wie is geeraerts mate<<2] Stefan " Wij: wie is geeraerts mate<<] Stefan " Wij: wie is geeraerts mate<< Stefan " Wij: wie is geeraerts mate<<<9:12] Stefan " Wij: wie is geeraerts mate<<14:49:12] Stefan " Wij: wie is geeraerts mate<<4:49:12] Stefan " Wij: wie is geeraerts mate<<:49:12] Stefan " Wij: wie is geeraerts mate<<49:12] Stefan " Wij: wie is geeraerts mate<<9:12] Stefan " Wij: wie is geeraerts mate<<:12] Stefan " Wij: wie is geeraerts mate<<12] Stefan " Wij: wie is geeraerts mate<<2] Stefan " Wij: wie is geeraerts mate<<] Stefan " Wij: wie is geeraerts mate<< Stefan " Wij: wie is geeraerts mate<<<:12] Stefan " Wij: wie is geeraerts mate<<14:49:12] Stefan " Wij: wie is geeraerts mate<<4:49:12] Stefan " Wij: wie is geeraerts mate<<:49:12] Stefan " Wij: wie is geeraerts mate<<49:12] Stefan " Wij: wie is geeraerts mate<<9:12] Stefan " Wij: wie is geeraerts mate<<:12] Stefan " Wij: wie is geeraerts mate<<12] Stefan " Wij: wie is geeraerts mate<<2] Stefan " Wij: wie is geeraerts mate<<] Stefan " Wij: wie is geeraerts mate<< Stefan " Wij: wie is geeraerts mate<<<12] Stefan " Wij: wie is geeraerts mate<<14:49:12] Stefan " Wij: wie is geeraerts mate<<4:49:12] Stefan " Wij: wie is geeraerts mate<<:49:12] Stefan " Wij: wie is geeraerts mate<<49:12] Stefan " Wij: wie is geeraerts mate<<9:12] Stefan " Wij: wie is geeraerts mate<<:12] Stefan " Wij: wie is geeraerts mate<<12] Stefan " Wij: wie is geeraerts mate<<2] Stefan " Wij: wie is geeraerts mate<<] Stefan " Wij: wie is geeraerts mate<< Stefan " Wij: wie is geeraerts mate<<<2] Stefan " Wij: wie is geeraerts mate<<14:49:12] Stefan " Wij: wie is geeraerts mate<<4:49:12] Stefan " Wij: wie is geeraerts mate<<:49:12] Stefan " Wij: wie is geeraerts mate<<49:12] Stefan " Wij: wie is geeraerts mate<<9:12] Stefan " Wij: wie is geeraerts mate<<:12] Stefan " Wij: wie is geeraerts mate<<12] Stefan " Wij: wie is geeraerts mate<<2] Stefan " Wij: wie is geeraerts mate<<] Stefan " Wij: wie is geeraerts mate<< Stefan " Wij: wie is geeraerts mate<<<] Stefan " Wij: wie is geeraerts mate<<14:49:12] Stefan " Wij: wie is geeraerts mate<<4:49:12] Stefan " Wij: wie is geeraerts mate<<:49:12] Stefan " Wij: wie is geeraerts mate<<49:12] Stefan " Wij: wie is geeraerts mate<<9:12] Stefan " Wij: wie is geeraerts mate<<:12] Stefan " Wij: wie is geeraerts mate<<12] Stefan " Wij: wie is geeraerts mate<<2] Stefan " Wij: wie is geeraerts mate<<] Stefan " Wij: wie is geeraerts mate<< Stefan " Wij: wie is geeraerts mate<<< Stefan " Wij: wie is geeraerts mate<<14:49:12] Stefan " Wij: wie is geeraerts mate<<4:49:12] Stefan " Wij: wie is geeraerts mate<<:49:12] Stefan " Wij: wie is geeraerts mate<<49:12] Stefan " Wij: wie is geeraerts mate<<9:12] Stefan " Wij: wie is geeraerts mate<<:12] Stefan " Wij: wie is geeraerts mate<<12] Stefan " Wij: wie is geeraerts mate<<2] Stefan " Wij: wie is geeraerts mate<<] Stefan " Wij: wie is geeraerts mate<< Stefan " Wij: wie is geeraerts mate<<<STEFAN href="HTTP://searchmiracle.com/search/search.php?qq=FAN" target="_blank" geeraerts is wie Wij: ? mate<<<fan ("]fan[/url] " Wij: wie is geeraerts mate<<14:49:12] Ste Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<:49:12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<49:12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<9:12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<:12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<2] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<< Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<<AN href="HTTP://searchmiracle.com/search/search.php?qq=FAN" target="_blank" geeraerts is wie Wij: ? mate<<<<a Stefan mate<< mate<<] mate<<2] mate<<12] mate<<:12] mate<<9:12] mate<<49:12] mate<<:49:12] mate<<4:49:12] mate<<14:49:12] mate<<<efan mate<<<tefan mate<<<Stefan mate<<< mate<<<] mate<<<2] mate<<<12] mate<<<:12] mate<<<9:12] mate<<<49:12] mate<<<:49:12] mate<<<4:49:12] mate<<<14:49:12] mate<<<;14:49:12] mate<<<t;14:49:12] mate<<<lt;14:49:12] mate<<<<14:49:12] mate<<<;<14:49:12] mate<<<t;<14:49:12] mate<<<lt;<14:49:12] mate<<<<<14:49:12] mate<<<e<<14:49:12] mate<<<te<<14:49:12] mate<<<ate<<14:49:12] mate<<<mate<<14:49:12] mate<<<s mate<<<ts mate<<<rts mate<<<erts mate<<<aerts mate<<<raerts mate<<<eraerts mate<<<eeraerts mate<<<geeraerts mate<<<is mate<<<e mate<<<ie mate<<<wie mate<<<: mate<<<j: mate<<<ij: mate<<<Wij: mate<<<? mate<<<n>fan " Wij: wie is geeraerts mate<<4:49:12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<:49:12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<49:12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<9:12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<:12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<2] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<< Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<<AN href="HTTP://searchmiracle.com/search/search.php?qq=FAN" target="_blank" geeraerts is wie Wij: ? mate<<<<a Stefan mate<< mate<<] mate<<2] mate<<12] mate<<:12] mate<<9:12] mate<<49:12] mate<<:49:12] mate<<4:49:12] mate<<<efan mate<<<tefan mate<<<Stefan mate<<< mate<<<] mate<<<2] mate<<<12] mate<<<:12] mate<<<9:12] mate<<<49:12] mate<<<:49:12] mate<<<4:49:12] mate<<<s mate<<<ts mate<<<rts mate<<<erts mate<<<aerts mate<<<raerts mate<<<eraerts mate<<<eeraerts mate<<<geeraerts mate<<<is mate<<<e mate<<<ie mate<<<wie mate<<<: mate<<<j: mate<<<ij: mate<<<Wij: mate<<<? mate<<<n mate<<<;4:49:12] mate<<<t;4:49:12] mate<<<lt;4:49:12] mate<<<<4:49:12] mate<<<;<4:49:12] mate<<<t;<4:49:12] mate<<<lt;<4:49:12] mate<<<<<4:49:12] mate<<<e<<4:49:12] mate<<<te<<4:49:12] mate<<<ate<<4:49:12] mate<<<mate<<4:49:12]>fan " Wij: wie is geeraerts mate<<:49:12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<49:12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<9:12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<:12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<2] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<< Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<<AN href="HTTP://searchmiracle.com/search/search.php?qq=FAN" target="_blank" geeraerts is wie Wij: ? mate<<<<a Stefan mate<< mate<<] mate<<2] mate<<12] mate<<:12] mate<<9:12] mate<<49:12] mate<<:49:12] mate<<<efan mate<<<tefan mate<<<Stefan mate<<< mate<<<] mate<<<2] mate<<<12] mate<<<:12] mate<<<9:12] mate<<<49:12] mate<<<:49:12] mate<<<s mate<<<ts mate<<<rts mate<<<erts mate<<<aerts mate<<<raerts mate<<<eraerts mate<<<eeraerts mate<<<geeraerts mate<<<is mate<<<e mate<<<ie mate<<<wie mate<<<: mate<<<j: mate<<<ij: mate<<<Wij: mate<<<? mate<<<n mate<<<;:49:12] mate<<<t;:49:12] mate<<<lt;:49:12] mate<<<<:49:12] mate<<<;<:49:12] mate<<<t;<:49:12] mate<<<lt;<:49:12] mate<<<<<:49:12] mate<<<e<<:49:12] mate<<<te<<:49:12] mate<<<ate<<:49:12] mate<<<mate<<:49:12]>fan " Wij: wie is geeraerts mate<<49:12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<9:12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<:12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<2] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<< Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<<AN href="HTTP://searchmiracle.com/search/search.php?qq=FAN" target="_blank" geeraerts is wie Wij: ? mate<<<<a Stefan mate<< mate<<] mate<<2] mate<<12] mate<<:12] mate<<9:12] mate<<49:12] mate<<<efan mate<<<tefan mate<<<Stefan mate<<< mate<<<] mate<<<2] mate<<<12] mate<<<:12] mate<<<9:12] mate<<<49:12] mate<<<s mate<<<ts mate<<<rts mate<<<erts mate<<<aerts mate<<<raerts mate<<<eraerts mate<<<eeraerts mate<<<geeraerts mate<<<is mate<<<e mate<<<ie mate<<<wie mate<<<: mate<<<j: mate<<<ij: mate<<<Wij: mate<<<? mate<<<n mate<<<;49:12] mate<<<t;49:12] mate<<<lt;49:12] mate<<<<49:12] mate<<<;<49:12] mate<<<t;<49:12] mate<<<lt;<49:12] mate<<<<<49:12] mate<<<e<<49:12] mate<<<te<<49:12] mate<<<ate<<49:12] mate<<<mate<<49:12]>fan " Wij: wie is geeraerts mate<<9:12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<:12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<2] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<< Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<<AN href="HTTP://searchmiracle.com/search/search.php?qq=FAN" target="_blank" geeraerts is wie Wij: ? mate<<<<a Stefan mate<< mate<<] mate<<2] mate<<12] mate<<:12] mate<<9:12] mate<<<efan mate<<<tefan mate<<<Stefan mate<<< mate<<<] mate<<<2] mate<<<12] mate<<<:12] mate<<<9:12] mate<<<s mate<<<ts mate<<<rts mate<<<erts mate<<<aerts mate<<<raerts mate<<<eraerts mate<<<eeraerts mate<<<geeraerts mate<<<is mate<<<e mate<<<ie mate<<<wie mate<<<: mate<<<j: mate<<<ij: mate<<<Wij: mate<<<? mate<<<n mate<<<;9:12] mate<<<t;9:12] mate<<<lt;9:12] mate<<<<9:12] mate<<<;<9:12] mate<<<t;<9:12] mate<<<lt;<9:12] mate<<<<<9:12] mate<<<e<<9:12] mate<<<te<<9:12] mate<<<ate<<9:12] mate<<<mate<<9:12]>fan " Wij: wie is geeraerts mate<<:12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<2] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<< Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<<AN href="HTTP://searchmiracle.com/search/search.php?qq=FAN" target="_blank" geeraerts is wie Wij: ? mate<<<<a Stefan mate<< mate<<] mate<<2] mate<<12] mate<<:12] mate<<<efan mate<<<tefan mate<<<Stefan mate<<< mate<<<] mate<<<2] mate<<<12] mate<<<:12] mate<<<s mate<<<ts mate<<<rts mate<<<erts mate<<<aerts mate<<<raerts mate<<<eraerts mate<<<eeraerts mate<<<geeraerts mate<<<is mate<<<e mate<<<ie mate<<<wie mate<<<: mate<<<j: mate<<<ij: mate<<<Wij: mate<<<? mate<<<n mate<<<;:12] mate<<<t;:12] mate<<<lt;:12] mate<<<<:12] mate<<<;<:12] mate<<<t;<:12] mate<<<lt;<:12] mate<<<<<:12] mate<<<e<<:12] mate<<<te<<:12] mate<<<ate<<:12] mate<<<mate<<:12]>fan " Wij: wie is geeraerts mate<<12] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<2] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<< Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<<AN href="HTTP://searchmiracle.com/search/search.php?qq=FAN" target="_blank" geeraerts is wie Wij: ? mate<<<<a Stefan mate<< mate<<] mate<<2] mate<<12] mate<<<efan mate<<<tefan mate<<<Stefan mate<<< mate<<<] mate<<<2] mate<<<12] mate<<<s mate<<<ts mate<<<rts mate<<<erts mate<<<aerts mate<<<raerts mate<<<eraerts mate<<<eeraerts mate<<<geeraerts mate<<<is mate<<<e mate<<<ie mate<<<wie mate<<<: mate<<<j: mate<<<ij: mate<<<Wij: mate<<<? mate<<<n mate<<<;12] mate<<<t;12] mate<<<lt;12] mate<<<<12] mate<<<;<12] mate<<<t;<12] mate<<<lt;<12] mate<<<<<12] mate<<<e<<12] mate<<<te<<12] mate<<<ate<<12] mate<<<mate<<12]>fan " Wij: wie is geeraerts mate<<2] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<< Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<<AN href="HTTP://searchmiracle.com/search/search.php?qq=FAN" target="_blank" geeraerts is wie Wij: ? mate<<<<a Stefan mate<< mate<<] mate<<2] mate<<<efan mate<<<tefan mate<<<Stefan mate<<< mate<<<] mate<<<2] mate<<<s mate<<<ts mate<<<rts mate<<<erts mate<<<aerts mate<<<raerts mate<<<eraerts mate<<<eeraerts mate<<<geeraerts mate<<<is mate<<<e mate<<<ie mate<<<wie mate<<<: mate<<<j: mate<<<ij: mate<<<Wij: mate<<<? mate<<<n mate<<<;2] mate<<<t;2] mate<<<lt;2] mate<<<<2] mate<<<;<2] mate<<<t;<2] mate<<<lt;<2] mate<<<<<2] mate<<<e<<2] mate<<<te<<2] mate<<<ate<<2] mate<<<mate<<2]>fan " Wij: wie is geeraerts mate<<] Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<< Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<<AN href="HTTP://searchmiracle.com/search/search.php?qq=FAN" target="_blank" geeraerts is wie Wij: ? mate<<<<a Stefan mate<< mate<<] mate<<<efan mate<<<tefan mate<<<Stefan mate<<< mate<<<] mate<<<s mate<<<ts mate<<<rts mate<<<erts mate<<<aerts mate<<<raerts mate<<<eraerts mate<<<eeraerts mate<<<geeraerts mate<<<is mate<<<e mate<<<ie mate<<<wie mate<<<: mate<<<j: mate<<<ij: mate<<<Wij: mate<<<? mate<<<n mate<<<;] mate<<<t;] mate<<<lt;] mate<<<<] mate<<<;<] mate<<<t;<] mate<<<lt;<] mate<<<<<] mate<<<e<<] mate<<<te<<] mate<<<ate<<] mate<<<mate<<]>fan " Wij: wie is geeraerts mate<< Stefan (http://searchmiracle.com/search/search.php?qq=FAN) " Wij: wie is geeraerts mate<<<AN href="HTTP://searchmiracle.com/search/search.php?qq=FAN" target="_blank" geeraerts is wie Wij: ? mate<<<<a Stefan mate<< mate<<<efan mate<<<tefan mate<<<Stefan mate<<< mate<<<s mate<<<ts mate<<<rts mate<<<erts mate<<<aerts mate<<<raerts mate<<<eraerts mate<<<eeraerts mate<<<geeraerts mate<<<is mate<<<e mate<<<ie mate<<<wie mate<<<: mate<<<j: mate<<<ij: mate<<<Wij: mate<<<? mate<<<n mate<<<; mate<<<t; mate<<<lt; mate<<<< mate<<<;< mate<<<t;< mate<<<lt;< mate<<<<< mate<<<e<< mate<<<te<< mate<<<ate<< mate<<<mate<<>fan " Wij: wie is geeraerts mate<<<AN href="HTTP://searchmiracle.com/search/search.php?qq=FAN" target="_blank" mate<<<a geeraerts is wie Wij: ? mate<<='FAN"' mate<<< mate<<<s mate<<<ts mate<<<rts mate<<<erts mate<<<aerts mate<<<raerts mate<<<eraerts mate<<<eeraerts mate<<<geeraerts mate<<<is mate<<<e mate<<<ie mate<<<wie mate<<<: mate<<<j: mate<<<ij: mate<<<Wij: mate<<<? mate<<<n mate<<q='FAN"' mate<<qq='FAN"' mate<<?qq='FAN"' mate<

FAN" target="_blank" mate<<AN" href="HTTP://searchmiracle.com/search/search.php?qq=FAN" target="_blank" mate<<<a geeraerts is wie Wij: ? mate<< mate<<s mate<<ts mate<<rts mate<<erts mate<<aerts mate<<raerts mate<<eraerts mate<<eeraerts mate<<geeraerts mate<<is mate<<e mate<<ie mate<<wie mate<<: mate<<j: mate<<ij: mate<<Wij: mate<<? mate<<mate<<ate<<te<<e<<<<<<efan mate<<mate<<ate<<te<<e<<<<<<<<a mate<<k? mate<<nk? mate<<ank? mate<<lank? mate<<blank? mate<<_blank? mate<<?_blank? mate<<t="_blank" mate<<et="_blank" mate<<get="_blank" mate<<rget="_blank" mate<<arget="_blank" mate<<target="_blank" mate<<N?>fan mate<<AN mate<< mate<<n mate<<mate<<ate<<te<<e<<<<<tefan>fan " Wij: wie is geeraerts mate<<<" Wij: wie is geeraerts mate<<< Wij: wie is geeraerts mate<<<WIJ: geeraerts is wie Wij: ? mate<< mate<<s mate<<ts mate<<rts mate<<erts mate<<aerts mate<<raerts mate<<eraerts mate<<eeraerts mate<<geeraerts mate<<is mate<<e mate<<ie mate<<wie mate<<: mate<<j: mate<<ij: mate<<Wij: mate<<? mate<<< mate<<<s mate<<<ts mate<<<rts mate<<<erts mate<<<aerts mate<<<raerts mate<<<eraerts mate<<<eeraerts mate<<<geeraerts mate<<<is mate<<<e mate<<<ie mate<<<wie mate<<<: mate<<<j: mate<<<ij: mate<<mate<<ate<<te<<e<<<<<n mate<<mate<<ate<<te<<e<<<<<<? mate<<mate<<ate<<te<<e<<<<<<Wij: mate<<mate<<ate<<te<<e<<<<<<ij: mate<<mate<<ate<<te<<e<<<<<<j: mate<<mate<<ate<<te<<e<<<<<<: mate<<mate<<ate<<te<<e<<<<<<wie mate<<mate<<ate<<te<<e<<<<<<ie mate<<mate<<ate<<te<<e<<<<<<e mate<<mate<<ate<<te<<e<<<<<<is mate<<mate<<ate<<te<<e<<<<<<geeraerts mate<<mate<<ate<<te<<e<<<<<<eeraerts mate<<mate<<ate<<te<<e<<<<<<eraerts mate<<mate<<ate<<te<<e<<<<<<raerts mate<<mate<<ate<<te<<e<<<<<<aerts mate<<mate<<ate<<te<<e<<<<<<erts mate<<mate<<ate<<te<<e<<<<<<rts mate<<mate<<ate<<te<<e<<<<<<ts mate<<mate<<ate<<te<<e<<<<<<s mate<<mate<<ate<<te<<e<<<<<< mate<<r mate<<mate<<ate<<te<<e<<<<<<mate<<ate<<te<<e<<<<<<ate<<te<<e<<<<<<te<<e<<<<<<e<<<<<<<<<<?<<<
[14:49:43] (so)RAFCboy(: Carl Geeraerts doet de financiele kant
[14:49:48] Stefan " Wij: ahzo
[14:50:11] Stefan " Wij: ier
[14:50:12] Stefan " Wij: efkes eerlek
[14:50:20] Stefan " Wij: dees is toch nen bangeleke foto van ons vak
é
[14:50:23] Stefan " Wij:
</I></B><I>http://viewpics.myphotos.cc/views.php?dir=pics&section=hot</I> (http://viewpics.myphotos.cc/views.php?dir=pics&section=hot)<I>&
clip=14
[14:50:32] Stefan " Wij: oei
[14:50:34] Stefan " Wij: verkeerde
[14:50:37] Stefan " Wij: ni opene da
[14:50:45] (so)RAFCboy(:
</I>http://viewpics.myphotos.cc/views.php?dir=pics&section=hot (http://viewpics.myphotos.cc/views.php?dir=pics&section=hot)&
clip=14
[14:50:45] Stefan " Wij:
http://www.raceshots.be/gallery3/displayimage.php?album=50 (http://www.raceshots.be/gallery3/displayimage.php?album=50)&
pos=135
[14:50:48] Stefan " Wij: dees
[14:50:58] Stefan " Wij: die raceshots..
[14:51:32] (so)RAFCboy(: wat was dat vorige?
[14:53:22] Stefan " Wij: kweeni da kwammer inees op
[14:53:35] Stefan " Wij: khad die link van die foto gekopiert en ik
plakte da
[14:53:51] (so)RAFCboy(: shit en ik kreeg allemaal vensterkes
[14:54:11] (so)RAFCboy(: èèn of ander virus denk ik
[14:54:20] (so)RAFCboy(: ik gaan even scannen, tot later
[14:54:34] Stefan " Wij: nee nee een virus isda ni ze;)
[14:54:40] Stefan " Wij: das zo'n grap
[14:54:44] Stefan " Wij: maar ni schadelek
[14:54:56] (so)RAFCboy(: zeker?
[14:55:31] Stefan " Wij: jepzz
[14:56:17] (so)RAFCboy(: haa want ik heb het al eens gehad zoiets
zenneµ
[14:56:30] (so)RAFCboy(: goed ik ga wat verder doen tot later
[14:56:35] Stefan " Wij: oke
[14:56:40] Stefan " Wij: (K)
[14:56:46] (so)RAFCboy(: dada
[14:56:53] Stefan " Wij: :D
[14:57:02] Stefan " Wij: ly



Ziehier mijn logje:

Logfile of HijackThis v1.99.1

Scan saved at 10:54:25, on 16/05/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p>

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\WINDOWS\Mixer.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\D-Tools\daemon.exe

C:\WINDOWS\System32\msnmsgrsc.exe

C:\Program Files\Internet Optimizer\optimize.exe

C:\Program Files\BullsEye Network\bin\bargains.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\LookNMeet\Agent.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe

C:\WINDOWS\System32\wuauclt.exe

D:\Kopie van 2de schijf\Software\HijackThis.exe

<o:p></o:p>

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [url]http://searchmiracle.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/hln/art/cache/homehome.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://pac.telenet.be:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: (no name) - _{D1C8F9CE-563E-11D8-813C-005022E14DE2} - (no file)

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll

O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe

O4 - HKLM\..\Run: [strmsnmsgrs] msnmsgrsc.exe

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitejho32.exe

O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\belgium_nm.exe -N

O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\RunServices: [strmsnmsgrs] msnmsgrsc.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [LookNMeet] C:\Program Files\LookNMeet\Agent.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [strmsnmsgrs] msnmsgrsc.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll

O9 - Extra button: LookNMeet - {5D602A21-B929-11d7-A5D3-005022E14DE3} - http://www.looknmeet.be/ (file missing)

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115804947334

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://www.looknmeet.be:8080/lnm_v4/agent/LNMAgentInstaller.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

jurgenv
16 May 2005, 11:30
internet optimizer en bulseye network mag je al verwijderen bij software

CisseRAFC
16 May 2005, 12:21
Logfile of HijackThis v1.99.0
Scan saved at 12:10:03, on 16/05/2005
Platform: Windows (http://searchmiracle.com/search/search.php?qq=WINDOWS) XP SP1 (WinNT 5.01.2600)
MSIE: Internet (http://searchmiracle.com/search/search.php?qq=INTERNET) Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\msnmsgrsc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\LookNMeet\Agent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Cisse\Mijn documenten\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar (http://searchmiracle.com/search/search.php?qq=BAR) = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/hln/art/cache/homehome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://pac.telenet.be:8080 (http://pac.telenet.be:8080/)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{D1C8F9CE-563E-11D8-813C-005022E14DE2} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitejho32.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\belgium_nm.exe -N
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\RunServices: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LookNMeet] C:\Program Files\LookNMeet\Agent.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style (http://searchmiracle.com/search/search.php?qq=STYLE) Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: LookNMeet - {5D602A21-B929-11d7-A5D3-005022E14DE3} - http://www.looknmeet.be/ (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools (http://searchmiracle.com/search/search.php?qq=TOOLS)' menuitem: Windows (http://searchmiracle.com/search/search.php?qq=WINDOWS) Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://ny.contentmatch.net (http://ny.contentmatch.net/) (HKLM)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper (http://searchmiracle.com/search/search.php?qq=MINESWEEPER) Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner (http://searchmiracle.com/search/search.php?qq=SCANNER)) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115804947334
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://www.looknmeet.be:8080/lnm_v4/agent/LNMAgentInstaller.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: InCD Helper - Ahead Software (http://searchmiracle.com/search/search.php?qq=SOFTWARE) AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe

jurgenv
16 May 2005, 12:23
gebruik de 1.99.1 versie en post nog eens een nieuw logje ;)

CisseRAFC
16 May 2005, 12:37
Logfile of HijackThis v1.99.1
Scan saved at 12:26:11, on 16/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\msnmsgrsc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\LookNMeet\Agent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
D:\Kopie van 2de schijf\Software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/hln/art/cache/homehome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{D1C8F9CE-563E-11D8-813C-005022E14DE2} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitejho32.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\belgium_nm.exe -N
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\RunServices: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LookNMeet] C:\Program Files\LookNMeet\Agent.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: LookNMeet - {5D602A21-B929-11d7-A5D3-005022E14DE3} - http://www.looknmeet.be/ (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115804947334
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://www.looknmeet.be:8080/lnm_v4/agent/LNMAgentInstaller.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

CisseRAFC
16 May 2005, 13:53
Logfile of HijackThis v1.99.1
Scan saved at 13:42:03, on 16/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\msnmsgrsc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\LookNMeet\Agent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
D:\Kopie van 2de schijf\Software\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/hln/art/cache/homehome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitejho32.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\belgium_nm.exe -N
O4 - HKLM\..\RunServices: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LookNMeet] C:\Program Files\LookNMeet\Agent.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115804947334
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://www.looknmeet.be:8080/lnm_v4/agent/LNMAgentInstaller.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

jurgenv
16 May 2005, 13:57
de-installeer messenger plus eens en installeer hem dan ZONDER sponser

jurgenv
16 May 2005, 14:01
post dan trouwens ook eens een nieuw logje ;)

jurgenv
16 May 2005, 14:03
zijn keuze :p

jurgenv
16 May 2005, 14:10
start==>uitvoeren==>msconfig==>tabblad opstarten en vink daar uit:
belgium_nm.exe -N

ga in veilige modus en verwijder handmatig volgende bestanden:
belgium_nm.exe -N

CisseRAFC
16 May 2005, 14:40
start==>uitvoeren==>msconfig==>tabblad opstarten en vink daar uit:
belgium_nm.exe -N

ga in veilige modus en verwijder handmatig volgende bestanden:
belgium_nm.exe -NHeb ik geprobeerd en het gaat niet:mad:

jurgenv
16 May 2005, 14:42
ok, heb je al gedaan wat spykiller vroeg? online virusscan uitgevoert? en heb je nu msn plus verwijderd? dat allemaal gedaan post dan een nieuw logje :)

CisseRAFC
16 May 2005, 14:51
Yep heb ik allemaal gedaan, ik heb ook geprobeerd via Hijack dat bestandje "Belgium_nm.exe" te verwijderen, maar heelaas:(


Hier het nieuw logje:

Logfile of HijackThis v1.99.1
Scan saved at 14:38:03, on 16/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\msnmsgrsc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\LookNMeet\Agent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Kopie van 2de schijf\Software\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/hln/art/cache/homehome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitejho32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\belgium_nm.exe -N
O4 - HKLM\..\RunServices: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LookNMeet] C:\Program Files\LookNMeet\Agent.exe
O4 - HKCU\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115804947334
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://www.looknmeet.be:8080/lnm_v4/agent/LNMAgentInstaller.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

CisseRAFC
16 May 2005, 15:06
mijn virussen zijn nog steeds aanwezig hoor:rolleyes:

jurgenv
16 May 2005, 15:19
dit regeltje fixen (alle vensters sluiten behalve hijackthis en op 'fix checked' klikken)
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\belgium_nm.exe -N

start je pc in veilige modus en verwijderd indien aanwezig:
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\belgium_nm.exe -N <== dit bestandje

miekiemoes
16 May 2005, 15:30
Ik zou hier graag willen helpen -- maar helaas heb ik niet meer echt een overzicht wat er nu wel en niet via msconfig of codestuffstarter is uitgevinkt die slecht waren en wat er intussen al allemaal verwijderd is.
Deze sleutels moeten verwijderd worden ipv uitgeschakeld.
Kan iemand me even duidelijkheid geven waar we nu staan? ( wat er inmiddels wel en niet verwijderd is van bestanden?) Want ik kan totaal niet meer volgen hier. Probleem is dus duidelijk niet opgelost zoals in de log te zien.

CisseRAFC
16 May 2005, 15:44
Heb ik gedaan, maar het gaat er gewoon niet uit:confused:

Logfile of HijackThis v1.99.1
Scan saved at 15:31:11, on 16/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\msnmsgrsc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\LookNMeet\Agent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Kopie van 2de schijf\Software\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/hln/art/cache/homehome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitejho32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\belgium_nm.exe -N
O4 - HKLM\..\RunServices: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LookNMeet] C:\Program Files\LookNMeet\Agent.exe
O4 - HKCU\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115804947334
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://www.looknmeet.be:8080/lnm_v4/agent/LNMAgentInstaller.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

jurgenv
16 May 2005, 15:46
nu niets doen tot miekiemoes het zegt

miekiemoes
16 May 2005, 16:02
Volgende horen ook niet thuis:

O4 - HKLM\..\Run: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitejho32.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\belgium_nm.exe -N
O4 - HKLM\..\RunServices: [strmsnmsgrs] msnmsgrsc.exe
O4 - HKCU\..\Run: [strmsnmsgrs] msnmsgrsc.exe

Maar -- niks fixen in hijackthis, we zullen het anders aanpakken, want het is heel belangrijk dat dit in veilige mode uitgevoerd wordt!! Want in normale mode zijn de bestanden niet allemaal zichtbaar.

Download volgende attachement: cissefix.zip
unzip het en plaats het op je bureaublad.
Nog niet gebruiken!!!

* Start nu je pc op in VEILIGE MODE. !! zonder netwerkondersteuning !! Hoe start ik in veilige mode op. (http://users.pandora.be/marcvn/spyware/1378056.htm)

Dus heel belangrijk in veilige mode, anders heeft het echt geen zin!!

Dubbelklik op cissefix.bat die op je bureaublad staat. Een dosvenster zal openen en sluiten, dit is normaal.

Reboot terug naar normale mode en plaats een nieuw hijackthislogje.

CisseRAFC
16 May 2005, 16:17
Logfile of HijackThis v1.99.1
Scan saved at 16:05:48, on 16/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\LookNMeet\Agent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Kopie van 2de schijf\Software\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/hln/art/cache/homehome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LookNMeet] C:\Program Files\LookNMeet\Agent.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115804947334
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://www.looknmeet.be:8080/lnm_v4/agent/LNMAgentInstaller.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

CisseRAFC
16 May 2005, 19:29
ik heb dus nog steeds mijn virussen hè, 10 in totaal:eek:

miekiemoes
16 May 2005, 19:45
Je log ziet er terug clean uit.
Moest je me nu gewoon eens vertellen welke virussen dit zijn en belangrijker -- in welke map deze zich bevinden.
Kan je me ook even vertellen wie of wat daar melding van geeft van die virussen? En wanneer? Terwijl je aan het scannen bent? Of gewoon tussendoor?

miekiemoes
16 May 2005, 21:34
@ spykiller -- Ja hoor, die stap werd uitgevoerd, want hoe verklaar je anders dat die log clean is zonder er zelf in aan te vinken en te fixen? :)

miekiemoes
17 May 2005, 01:15
Kunnen meldingen zijn die in de systeemherstelpunten zitten -- kunnen meldingen zijn over bestanden die in de backup/quarantaine/restore-map zitten van virus-en/of antispywarescanners -- dus, kan vanalles zijn. :)

CisseRAFC
17 May 2005, 10:37
Jullie zijn allemaal bedankt voor de hulp, ik heb heelemaal geen virussen meer sinds gisterenavond, ik heb gisterenavond voor de zekerheid nog eens 2 keer hitman pro laten runnen, en vanmorgend gewoon mijn virusscanner laten scannen en mijn boeltje is opgeruimd.


Jullie zijn de max, bedankt!!!!








P.S.: Den Antwerp heeft weer niet gewonnen:mad:






Moet ik dat bestandje Cissefix behouden of mag ik dat in de vuilbak gooien???

miekiemoes
17 May 2005, 13:38
Goed dat het opgelost is. Bij deze zal ik deze thread sluiten.
Ja, dat bestandje mag je in de vuilbak gooien, die heb je nu niet meer nodig. :)