hey ,ik heb een paar weken geleden via msn een worm of trojan horse binnen
gekregen met als vermelding op msn zijn dit jouw foto's.Ik heb deze kunnen
verwijderen met trojan remover maar mijne maat zegt dat die zich nog steeds
in mijn registery bevind en ik moet hem gelijk geven want ik kan nog geen
system restore uitvoeren.Hij heeft me het program hijackthis voorgesteld en ik
moest de log file doorsturen naar deze site.Ik hoop dat er iemand is die me
raad kan geven om dit probleem op te lossen hier de logfile
bijgevoegd.Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:34:29, on 25/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Documents and SettingsAll UsersApplication DataEPSONEPW!3
SSRPE_S40RP7.EXE
C:WINDOWSsystem32RunDll32.exe
C:Program FilesJavajre1.6.0_05binjusched.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSsystem32rundll32.exe
C:Program FilesMcAfee.comAgentmcagent.exe
C:Program FilesSiteAdvisor6261SiteAdv.exe
C:Program FilesMcAfeeMBKMcAfeeDataBackup.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:Program FilesMicrosoft ActiveSyncWcescomm.exe
C:Program FilesWindows LiveMessengerMsnMsgr.Exe
C:PROGRA~1MICROS~3rapimgr.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
C:Program FilesMcAfeeMSKMskSrver.exe
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesSiteAdvisor6261SAService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Program FilesWindows LiveMessengerusnsvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesOutlook Expressmsimn.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesCommon FilesMicrosoft SharedWindows
LiveWLLoginProxy.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://breedband.telenet.be
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.zita.be/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = blank.htm
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Telenet
Internet
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-
02D8C59F9B1D} - (no file)
R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-
67402a26a215} - C:Program FilesBest_Security_TipstbBes0.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-
B87D-784B7D6BE0B3} - C:Program FilesCommon
FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} -
C:Program FilesSiteAdvisor6261SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-
F45BD3D40CF4} - c:PROGRA~1mcafeemskmcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -
(no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-
D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
C:Program FilesMcAfeeVirusScanscriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no
file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-
5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows
LiveWindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-
02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-
64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-
67402a26a215} - C:Program FilesBest_Security_TipstbBes0.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-
B7027CAE2F1A} - C:Program FilesEPSONEPSON Web-To-PageEPSON
Web-To-Page.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-
394C54984B2C} - (no file)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} -
(no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
(no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-
C6B60AAEBA6D} - C:Program FilesEPSONEPSON Web-To-PageEPSON
Web-To-Page.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-
67402a26a215} - C:Program FilesBest_Security_TipstbBes0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-
17FE6E806AA0} - C:Program FilesSiteAdvisor6261SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-
64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32
NvCpl.dll,NvStartup
O4 - HKLM..Run: [FLMK08KB] C:Program FilesMuiltmedia keyboard
Utility1.3KbdAp32A.exe
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program
FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [NBKeyScan] "C:Program FilesNeroNero8Nero
BackItUpNBKeyScan.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_05
binjusched.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon
FilesNeroLibNeroCheck.exe
O4 - HKLM..Run: [UpdateManager] "C:Program FilesCommon
FilesSonicUpdate Managersgtray.exe" /r
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32
NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [Hitman Pro Expiration Helper] "C:Program FilesHitman
Proxphelper.exe"
O4 - HKLM..Run: [TrojanScanner] C:Program FilesTrojan
RemoverTrjscan.exe
O4 - HKLM..Run: [mcagent_exe] C:Program
FilesMcAfee.comAgentmcagent.exe /runkey
O4 - HKLM..Run: [SiteAdvisor] "C:Program FilesSiteAdvisor6261
SiteAdv.exe"
O4 - HKLM..Run: [McENUI] C:PROGRA~1McAfeeMHNMcENUI.exe /hide
O4 - HKLM..Run: [McAfee Backup] C:Program
FilesMcAfeeMBKMcAfeeDataBackup.exe
O4 - HKLM..Run: [MBkLogOnHook] C:Program
FilesMcAfeeMBKLogOnHook.exe
O4 - HKLM..Run: [TrayServer] C:Program FilesMAGIXVideo_deluxe_2008_e-
versionTrayServer.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-
88D8A56B10AA}] "C:Program FilesCommon
FilesNeroLibNMBgMonitor.exe"
O4 - HKCU..Run: [H/PC Connection Agent] "C:Program FilesMicrosoft
ActiveSyncWcescomm.exe"
O4 - HKCU..Run: [EPSON Stylus DX4400 Series] C:WINDOWSSystem32
spoolDRIVERSW32X863
E_FATICAE.EXE /FU "C:WINDOWSTEMPE_S125.tmp" /EF "HKCU"
O4 - HKCU..Run: [swg] C:Program
FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows
LiveMessengerMsnMsgr.Exe" /background
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32
CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32
CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32
CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32
CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOffice10OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:Program
FilesWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel -
res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-
AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-
D9FCDDC9D600} - C:Program FilesWindows
LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer -
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows
LiveWriterWriterBrowserExtension.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
(no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-
00C04FAE2D4F} - C:PROGRA~1MICROS~3INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:PROGRA~1MICROS~3INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-
11D3-9307-00C04FAE2D4F} - C:PROGRA~1MICROS~3INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-
82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System
Requirements Lab) -
http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image
Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave
Flash Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: McAfee Application Installer Cleanup (0081551211721787)
(0081551211721787mcinstcleanup) - McAfee, Inc. -
C:WINDOWSTEMP08155~1.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO
EPSON CORPORATION - C:Documents and SettingsAll UsersApplication
DataEPSONEPW!3 SSRPE_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:Program
FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: MBackMonitor - McAfee - C:Program
FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1
McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1
COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1
McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1
COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. -
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. -
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. -
C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. -
C:Program FilesMcAfeeMSKMskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:Program
FilesNeroNero8Nero BackItUpNBService.exe
O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon
FilesNeroLibNMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:WINDOWSsystem32nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:Program
FilesSiteAdvisor6261SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:Program
FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe

--
End of file - 12410 bytes