View full version: Antivermins problem



·punkie·
10 February 2007, 23:58
Hello,

My PC is infected with Antivermins, something that poses as an antivirus program. Ad-aware, noAdaware and Windows Defender have already found and deleted several files, but that "System Alert!" icon at the bottom right of my system tray keeps blinking.
Can anyone help me? :)

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 23:55:40, on 10/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: bw+0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - C:\WINDOWS\system32\vblhanf.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Thanks in advance! ;)

Jurgenv1
11 February 2007, 00:23
* It is best to print these instructions or save them in a Notepad file, because later you will have to work in safe mode,
and then this page will not be available (no internet).

* If you don't really use Logitech Desktop Messenger, I recommend uninstalling it because it slows down your system unnecessarily; it checks for updates for your Logitech products, while this can be done perfectly well manually without the slowdown.

* Download smitRem.exe (http://www.downloads.subratam.org/smitRem.exe) and save it to the Desktop.
Double-click the file and extract it to its own folder on the Desktop.


* Download and install AVG Anti-Spyware (http://www.ewido.net/en/download/).
After installation, open AVG Anti-Spyware:
* under "Status", click Change state next to "Resident shield". (change from active to inactive!)
* under "Update", click the Start update button.
* under "Scanner", tab "Settings": under "How to act?", click "Recommended actions" and select Quarantine. (VERY IMPORTANT!)
* under "Reports", select Automatically generate report after every scan and uncheck Only if threats were found
Close AVG Anti-Spyware. Do not let it scan yet.

* If you have not installed Adaware SE yet, download, install and update it following the guidelines
you can find at: http://users.pandora.be/marcvn/spyware/1414188.htm
Download link for Ad-aware: http://www.lavasoftusa.com/products/ad-aware_se_personal.php

* Start your computer in SAFE MODE (http://users.pandora.be/marcvn/spyware/1378056.htm)

* Open the smitRem folder on your desktop and double-click RunThis.bat. Follow the on-screen instructions.
Your desktop and icons will disappear briefly and then reappear; this is normal.
Wait until the tool has done its work and Disk Cleanup has finished. This can take some time, so be patient.

* Run a full scan with Adaware and remove everything that is found.

* Start AVG Anti-Spyware.
* Click Scan and choose Complete System Scan.
After the scan, follow the instructions below:
IMPORTANT: Do not click the "Save Scan Report" button before you have clicked the "Apply all Actions" button!
* Make sure that Set all elements to: is set to Quarantine (1),
if not, click the link and choose Quarantine in the popup menu. (2)
(This does not apply to cookies; these are always deleted!)
* At the bottom of the window, click the Apply all Actions button. (3)
http://home.scarlet.be/~topalex/ewidoscan.jpg
* When you get the message 'All actions have been applied', click the Save Report button at the bottom.

* Then go to Start -> Control Panel -> Appearance and Themes -> Desktop -> Customize Desktop -> Web -> uncheck "Security Info" if it is still there.

* Restart your computer in normal mode.

* Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) (by Atribune)

Double-click ATF Cleaner to start the program.
On the "Main" tab, check Select All.
Click the Empty Selected button.

If you also use Firefox as a browser:
Click the "Firefox" tab and check Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the check mark next to "Firefox saved passwords")
Click the Empty Selected button.

If you also use Opera as a browser:
Click the "Opera" tab and check Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.

* Run an online scan with Panda's online virus scan (http://www.pandasoftware.com/activescan/com/activescan_principal.htm) and save the report you get after the scan.

* Restart your PC once more and then post a new HijackThis log, together with the reports from AVG Anti-Spyware 7.5 and Panda. Also post the log of the smitRem tool, which you can find here: C:\smitfiles.txt.
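
Added example, not part of the thread and not code from HijackThis or smitRem: one way to compare a fresh HijackThis log with the earlier one, so that entries a cleanup run left in place can be listed per section. The two excerpts are a few lines copied from the logs posted in this thread; the function names (`parse_entries`, `compare`, `survivors`) are illustrative assumptions.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "R0", "O4", "O21"
    text: str     # everything after "<section> - "


# Item lines start with a section code followed by " - ". The log header and
# the "Running processes" paths do not match, so they are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log):
    """Return the set of item entries found in one HijackThis log."""
    entries = set()
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add(Entry(match.group(1), match.group(2)))
    return entries


def _order(entry):
    # Sort O4 before O18 before O21 (numeric, not lexicographic).
    return (entry.section[0], int(entry.section[1:]), entry.text)


def compare(before, after):
    """Split entries into removed / added / unchanged between two scans."""
    old, new = parse_entries(before), parse_entries(after)
    return {
        "removed": sorted(old - new, key=_order),
        "added": sorted(new - old, key=_order),
        "unchanged": sorted(old & new, key=_order),
    }


def survivors(before, after, sections):
    """Entries in the given sections that appear in both scans."""
    unchanged = compare(before, after)["unchanged"]
    return [e for e in unchanged if e.section in sections]


# Excerpt of the first log in this thread (10/02/2007), shortened.
BEFORE_EXCERPT = r"""
Logfile of HijackThis v1.99.1
Scan saved at 23:55:40, on 10/02/2007
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O18 - Protocol: bw+0 - {0FA7E373-7ADA-496B-9C20-BDD160D1BBD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - C:\WINDOWS\system32\vblhanf.dll
"""

# Excerpt of the second log in this thread (11/02/2007), shortened.
AFTER_EXCERPT = r"""
Logfile of HijackThis v1.99.1
Scan saved at 13:26:31, on 11/02/2007
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - C:\WINDOWS\system32\vblhanf.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

if __name__ == "__main__":
    result = compare(BEFORE_EXCERPT, AFTER_EXCERPT)
    for label in ("removed", "added", "unchanged"):
        print(label.upper())
        for entry in result[label]:
            print(f"  {entry.section} - {entry.text}")
```

An unchanged entry only means the cleanup did not touch it; legitimate software stays in that list too, so each one still has to be judged by whoever reads the log.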

·punkie·
11 February 2007, 13:30
OK,

I have done all of this, but the "System Alert!" icon at the bottom right of my system tray keeps blinking. :(

Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 13:26:31, on 11/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
H:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - C:\WINDOWS\system32\vblhanf.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe







smitRem © log file
version 3.2

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: zo 11/02/2007
The current time is: 10:59:32,32

Running from
C:\Documents and Settings\Mansel\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}"="didymiums"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}\InProcServer32]
@="C:\WINDOWS\system32\vblhanf.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Appinitdll check ........ Thank you Grinler!

dumphive.exe (C)2000-2004 Markus Stephany
REGEDIT4

[Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

XP Firewall allowed access

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:LastFM"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"E:\\Program Files\\mIRC\\mirc.exe"="E:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"E:\\Battlefield 2142\\BF2142.exe"="E:\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
VirusBursters uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

amcompat.tlb
nscompat.tlb
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 932 'explorer.exe'
Killing PID 932 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}"="didymiums"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}\InProcServer32]
@="C:\WINDOWS\system32\vblhanf.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~



~~~ Wininet.dll ~~~

CLEAN! :)

·punkie·
11 February 2007, 13:31
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:07:19 11/02/2007

+ Scan result:





::Report end





Panda report:

Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mansel\Cookies\mansel@atdmt[1].txt
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Mansel\Cookies\mansel@metriweb[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mansel\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mansel\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mansel\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mansel\Desktop\smitRem.exe[smitRem/Process.exe]
Virus:Trj/Zlob.FQ Not disinfected F:\·Game Files·\Battlefield 2\Mods\PoE2-v1.0.0.0-mappack.cab[²ÜÇ\InstallOptions.dll]
Virus:Trj/Zlob.FQ Not disinfected F:\·Game Files·\Battlefield 2\Mods\PoE2-v1.0.0.0.exe[²ÜÇ\InstallOptions.dll]
Virus:Trj/Zlob.FQ Not disinfected I:\System Volume Information\_restore{222F0F68-9D9F-4F14-9101-643031A699E4}\RP494\A0074059.exe[²ÜÇ\InstallOptions.dll]
Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected I:\System Volume Information\_restore{8E280A60-B33F-466A-BDED-2168DE7D4493}\RP278\A0036712.exe[script\dlls\moo.dll]




:help:
Thanks in advance! ;)

Jurgenv1
11 February 2007, 16:12
Download roguescanfix_setup (http://users.telenet.be/Beamerke/tools/roguescanfix_setup.exe).

Double-click roguescanfix_setup to install it.

After the installation you will be asked whether to start the program. Choose JA/YES.

Note: This tool needs an internet connection so that it can download an extra file it requires to work.
If your firewall raises an alert, allow it and do not block it.
If you still get the message afterwards that BFU.exe is not present, download BFU.exe from here (http://www.merijn.org/files/bfu.zip).
Unzip it and place BFU.exe in the c:\PROGRAM FILES\Roguescanfix folder. Then double-click Roguescanfix.bat again.

A DOS window will open with a menu.
Choose option #1 here: Run roguescanfix

This tool will uninstall some unwanted programs and remove related files and registry keys.
If some files cannot be removed, the tool will ask whether you want to restart your PC.
Make sure that uninstalling the unwanted programs has finished before you click 'Yes' to restart your PC.

A Notepad file will open. Post the contents of that file in your next reply, together with a new HijackThis log.
(You can also find the file at c:\program files\roguescanfix\task.txt)

·punkie·
11 February 2007, 16:59
The "System Alert!" icon is still there.



Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}"="didymiums"


sharedtaskkey: e6adaaf0-79b2-4cf1-a660-50a0b33991a1
---------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}\InProcServer32]
@="C:\\WINDOWS\\system32\\vblhanf.dll"
"ThreadingModel"="Apartment"




Logfile of HijackThis v1.99.1
Scan saved at 16:58:26, on 11/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
H:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - C:\WINDOWS\system32\vblhanf.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


grtz
-punkie-

Jurgenv1
11 February 2007, 17:14
Start roguescanfix again, and this time choose option #2: Run sharedtasksrem.
A Notepad file will open. Post the contents of that file in your next reply.
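
Added example, not part of the thread and not roguescanfix's own code: the check that the exports posted above make possible by hand, done in Python. It resolves every SharedTaskScheduler value to its CLSID's InProcServer32 DLL and flags anything outside a baseline. The baseline (the two browseui.dll entries seen in the logs), the status names and all function names are assumptions of this sketch; the sample input is constructed from the exports in this thread.

```python
import ntpath
import re

# Constructed sample: the REGEDIT4 exports posted in this thread, joined into one text.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}"="didymiums"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\\system32\\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\\system32\\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}\InProcServer32]
@="C:\\WINDOWS\\system32\\vblhanf.dll"
"ThreadingModel"="Apartment"
'''

# Registry key and value names are case-insensitive, so everything is compared upper-cased.
STS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHAREDTASKSCHEDULER"
CLSID_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID"

# Assumed baseline: CLSID -> expected tail of the InProcServer32 path (lower case).
BASELINE = {
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}": r"\system32\browseui.dll",
    "{8C7461EF-2B13-11D2-BE35-3078302C2030}": r"\system32\browseui.dll",
}

SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s):
    """Undo REGEDIT4 string escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Parse a REGEDIT4 text export into {KEY: {VALUE_NAME: data}}."""
    hive, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = hive.setdefault(m.group(1).upper(), {})
            continue
        m = VALUE.match(line)
        if m and current is not None:
            name, data = m.groups()
            name = "@" if name == "@" else _unescape(name[1:-1])
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])
            current[name.upper()] = data
    return hive


def audit_shared_tasks(text, baseline=BASELINE):
    """Return one finding per SharedTaskScheduler value, in export order.

    This is a text-only check: it does not look at the DLL on disk.
    """
    hive = parse_reg(text)
    findings = []
    for clsid, label in hive.get(STS_KEY, {}).items():
        key = CLSID_ROOT + "\\" + clsid + "\\INPROCSERVER32"
        server = hive.get(key, {}).get("@")
        expected = baseline.get(clsid)
        if server is None:
            status = "orphaned"        # listed, but no InProcServer32 in the export
        elif expected is None:
            status = "unknown-clsid"   # not in the baseline at all
        elif not server.lower().endswith(expected):
            status = "dll-mismatch"    # known CLSID redirected to another DLL
        else:
            status = "baseline"
        findings.append({"clsid": clsid, "label": label,
                         "server": server, "status": status})
    return findings


if __name__ == "__main__":
    for f in audit_shared_tasks(SAMPLE_EXPORT):
        dll = ntpath.basename(f["server"]) if f["server"] else "-"
        print(f'{f["status"]:14} {f["clsid"]} {f["label"]!r} -> {dll}')
```
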

·punkie·
11 February 2007, 17:29
The icon is gone :woohoo:
I haven't rebooted, though

ROGUESCANFIX LOGFILE


--- Export SharedTaskScheduler key ---

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}"="didymiums"



--- Export SSODL key ---

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"didymiums"="{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}"



--- sharedtaskkey (1): e6adaaf0-79b2-4cf1-a660-50a0b33991a1 ---

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}\InProcServer32]
@="C:\\WINDOWS\\system32\\vblhanf.dll"
"ThreadingModel"="Apartment"

checking for files:
vblhanf.dll found
vblhanf.dll deleted!


--- Cleaning process finished! ---



--- Export SharedTaskScheduler key after cleaning process ---

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"




--- Export SSODL key ---


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"


Finished!




Logfile of HijackThis v1.99.1
Scan saved at 17:29:13, on 11/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
E:\Steam\Steam.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
H:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


:)

Jurgenv1
11 February 2007, 19:15
Looks good now. :)

·punkie·
11 February 2007, 19:18
Okay!
You're a sweetheart, Jurgen! ;)

One more question: which anti-spyware and antivirus program is the best (paid or not)?

Thanks :woohoo:
-punkie-

Jurgenv1
11 February 2007, 19:19
A few more tips to prevent problems in the future:

To start, install the following FREE programs if you don't already have them:

Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html)
Adaware se (http://www.majorgeeks.com/download506.html)
Spybot s&d (http://www.safer-networking.org/en/index.html)


While surfing, don't blindly click Yes everywhere when you are asked... only do so when you trust it completely.

And consider choosing an alternative browser such as Opera (http://www.opera.com) or Firefox (http://www.mozilla.org/products/firefox/).

I also recommend running an online virus scan now and then: housecall (http://housecall.trendmicro.com/) and/or Bitdefender (http://www.bitdefender.com/scan/licence.php). Because what one scanner can't find, another might.
Also make sure that the virus scanner installed on your system is always up to date!!

And... pay a regular visit to: http://windowsupdate.microsoft.com/

Also have a look at these 2 videos.. Very interesting:
http://www2.trosradar.nl/mediaplayer/player.php?videoID=524&mode=dossier#
http://www.benedelman.org/spyware/security-111804.wmv


More prevention tips can also be found on the following sites:

http://www.bluemedicine.be
http://users.telenet.be/marcvn/spyware
How did I get infected in the first place (http://castlecops.com/postitle7736-0-0-.html) (article by TonyKlein)
Preventing spyware infections and browser hijacking (http://www.antispywareoffensief.nl/forum/showthread.php?t=55)

·punkie·
11 February 2007, 19:19
Thanks! ;)

Jurgenv1
11 February 2007, 19:19
No prob. :)