PDA

Volledige versie bekijken : logje



koemans
22 maart 2007, 18:35
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:35:31, on 22/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video Access ActiveX Object\isamntr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\World of Warcraft\Launcher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Video Access ActiveX Object\isamini.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\GAULTH~1\LOCALS~1\Temp\Rar$EX16.4812\H iJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearflix.com/be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video Access ActiveX Object\isamntr.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - C:\WINDOWS\system32\geplxss.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://wallpapers.skins.be/nelly-furtado/nelly-furtado-1280x960-25003.jpg

--
End of file - 8273 bytes

koemans
22 maart 2007, 18:36
heb trojaan

Jurgenv1
22 maart 2007, 19:02
* Je kan deze instructies best uitprinten of opslaan in een kladblokbestand, want straks zal je in veilige modus
moeten gaan werken, en dan is deze pagina niet beschikbaar (geen internet)

* Download smitRem.exe (http://www.downloads.subratam.org/smitRem.exe) en sla dit op op het Bureaublad.
Dubbelklik op het bestand en pak het uit naar zijn eigen map op het Bureaublad.


* Download en installeer AVG Anti-Spyware (http://www.ewido.net/en/download/).
Na de installatie, open AVG Anti-Spyware:
* onder "Status", klik op Change state naast "Resident shield". (wijzig van active naar inactive!)
* onder "Update", klik op de Start update knop.
* onder "Scanner", tab "Settings":- onder "How to act?", klik op "Recommended actions" en selecteer Quarantine. (ZEER BELANGRIJK!)
* onder "Reports", selecteer Automatically generate report after every scan en verwijder het vinkje bij Only if threats were found
Sluit AVG Anti-Spyware. Laat het nog niet scannen.

* Als je Adaware SE nog niet geïnstalleerd hebt, download, installeer en update het dan volgens de richtlijnen
die je kan vinden op: http://users.pandora.be/marcvn/spyware/1414188.htm
Download link van Ad-aware: http://www.lavasoftusa.com/products/ad-aware_se_personal.php

* Start je computer op in VEILIGE MODUS (http://users.pandora.be/marcvn/spyware/1378056.htm)

* Open de smitrem-map op je bureaublad, en dubbelklik op RunThis.bat. Volg de aanwijzigingen op het scherm.
Je bureaublad en ikoontjes zullen even verdwijnen en daarna terug verschijnen, dit is normaal.
Wacht tot het tooltje zijn werk heeft gedaan en Disk Cleanup afgelopen is. Dit kan enige tijd duren, dus wees geduldig.

* Voer een volledige scan uit met Adaware en verwijder alles wat gevonden wordt.

* Start AVG Anti-Spyware.* Klik op Scan en kies Complete System Scan.
Na de scan; volg onderstaande instructies :
BELANGRIJK : Klik niet op de "Save Scan Report" knop vooraleer je de "Apply all Actions" knop hebt aangeklikt !
* Draag er zorg voor dat Set all elements to: op Quarantine staat (1),
zoniet klik op de link en kies Quarantine in de popup menu. (2)
(Dit geldt niet voor cookies, deze worden onveranderlijk gedelete !)
* Onderaan het venster klik op de Apply all Actions knop. (3)
http://home.scarlet.be/~topalex/ewidoscan.jpg
* Wanneer je de melding krijgt 'All actions have been applied', klik je onderaan op de knop Save Report.

* Herstart je computer in normale modus.

* Download ATF cleaner (http://www.atribune.org/ccount/click.php?id=1) (by Atribune)

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Gebruik je ook Firefox als browser:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit verwijdert het vinkje bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Gebruik je ook Opera als browser:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

* Doe een online scan via Panda's online virus scan (http://www.pandasoftware.com/activescan/com/activescan_principal.htm) en bewaar het rapport dat je krijgt na het scannen

* Herstart je pc nogmaals en plaats dan een nieuw logje van Hijackthis, samen met het rapport van AVG Anti-Spyware 7.5 en Panda, Post de log van de smitRem tool, die je hier kan vinden: C:\smitfiles.txt.

koemans
22 maart 2007, 20:56
ik heb dit alemaal gedaan zo als gevraagt en nog eens een extra scane met windows defender
http://www.submarinecrew.be/gauthier/trojaan.JPG das echt raar

Jurgenv1
22 maart 2007, 21:03
Waar zijn de logs?

koemans
22 maart 2007, 21:10
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:10:28, on 22/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video Access ActiveX Object\isamntr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\BearFlix\BearFlix.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Gaulthier\Bureaublad\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video Access ActiveX Object\isamntr.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - C:\WINDOWS\system32\geplxss.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://wallpapers.skins.be/nelly-furtado/nelly-furtado-1280x960-25003.jpg

--
End of file - 8593 bytes

koemans
22 maart 2007, 21:25
als je ff de link checkt zie je welke trojaan het is zien

Jurgenv1
22 maart 2007, 21:29
Waar is de rest van de gevraagde logs?

koemans
22 maart 2007, 21:29
hoe bedoel je?

koemans
22 maart 2007, 21:31
Incident Status Location

Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt[.metriweb.be/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt[.doubleclick.net/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Gaulthier\Bureaublad\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Gaulthier\Bureaublad\smitRem.exe[smitRem/Process.exe]
Adware:Adware/SecurityError Not disinfected C:\Program Files\Video Access ActiveX Object\isadd.dll
Virus:Trj/dmRandom.HF Disinfected C:\WINDOWS\system32\kdgol.exe




avg anti virus


C:\WINDOWS\system32\actskn45.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Gaulthier\Shared\ipod games pacman 47.zip/setup.exe -> Hijacker.Agent.hi : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.156:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.112:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.74:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Gaulthier\Cookies\gaulthier@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Gaulthier\Cookies\gaulthier@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.125:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.126:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.161:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Gaulthier\Cookies\gaulthier@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.15:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Gaulthier\Cookies\gaulthier@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.69:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.186:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.187:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.103:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.104:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.105:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.106:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.107:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.113:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.115:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.116:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Linksynergy : Cleaned.
C:\Documents and Settings\Gaulthier\Cookies\gaulthier@image.masters tats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.132:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.133:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.183:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.184:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.185:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Gaulthier\Cookies\gaulthier@adopt.specifi cclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.91:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.92:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.93:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.94:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.95:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.67:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.68:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.57:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Gaulthier\Cookies\gaulthier@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.190:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.191:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.23:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.24:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.25:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.26:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Jurgenv1
22 maart 2007, 21:38
Download roguescanfix_setup (http://users.telenet.be/Beamerke/tools/roguescanfix_setup.exe).

Dubbelklik op roguescanfix_setup om het te installeren.

Na de installatie krijg je de vraag om het programma te laten opstarten. Kies dan JA/YES.

Nota: Deze tool heeft internet connectie nodig zodat het een extra bestand kan downloaden om deze tool te laten werken.
Indien je Firewall een alert geeft, sta het toe en blokkeer het niet
Indien je daarna nog steeds de melding krijgt dat BFU.exe niet aanwezig is, download BFU.exe van hier (http://www.merijn.org/files/bfu.zip).
Unzip het en plaats BFU.exe in de c:\PROGRAM FILES\Roguescanfix-map. Dubbelklik daarna opnieuw op Roguescanfix.bat

Er zal een dosvenster openen met een keuzemenu.
Kies hier optie #1: Run roguescanfix

Deze tool zal sommige ongewenste programma's deïnstalleren en gerelateerde bestanden en registersleutels verwijderen.
Indien sommige bestanden niet kunnen verwijderd worden, zal deze tool vragen of je je pc opnieuw wilt opstarten.
Zorg er wel eerst voor dat het deïnstalleren van de ongewenste programma's voltooid is vooraleer je op 'Yes' klikt om je pc opnieuw te laten opstarten.

Er zal een kladblokbestandje openen. Plaats de inhoud van dat bestandje in je volgende antwoord, samen met een nieuw logje van Hijackthis.
(Het bestandje vind je ook in c:\program files\roguescanfix\task.txt)

koemans
22 maart 2007, 21:49
BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 21:48:24, on 22/03/2007

Option pause between commands: 100 ms
Failed: FileDelete C:\Documents and Settings\Gaulthier\Application Data\Microsoft\Internet Explorer\QuickLaunch\SpyFalcon*.* (operation failed)
Failed: FileDelete C:\Documents and Settings\Gaulthier\Application Data\Microsoft\Internet Explorer\QuickLaunch\SpywareQuake*.* (operation failed)
Failed: FileDelete C:\Documents and Settings\Gaulthier\Application Data\Microsoft\Internet Explorer\QuickLaunch\Spyware Sherif*.* (operation failed)
Failed: FolderDelete C:\Program Files\eMedia Codec (folder not found)
Failed: FolderDelete C:\Program Files\Media-Codec (folder not found)
Failed: FolderDelete C:\Program Files\spyfalcon (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaulthier\Menu Start\Programma's\SpyFalcon (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaulthier\Menu Start\Programma's\SpywareQuake (folder not found)
Failed: FolderDelete C:\Program Files\SpywareQuake (folder not found)
Failed: FolderDelete C:\WINDOWS\system32\1024 (folder not found)
Failed: FolderDelete C:\Program Files\Trust Cleaner (folder not found)
Failed: FolderDelete C:\Program Files\TrustIn Contextual (folder not found)
Failed: FolderDelete C:\Program Files\TrustIn Bar (folder not found)
Failed: FolderDelete C:\Program Files\TrustIn Popups (folder not found)
Failed: FolderDelete C:\Program Files\TrustIn Search (folder not found)
Failed: FolderDelete C:\Program Files\SpywareQuake.com (folder not found)
Failed: FolderDelete C:\Program Files\SpywareStrike (folder not found)
Failed: FolderDelete C:\Program Files\SpyQuake2.com (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaulthier\Menu Start\Programma's\SpyQuake2.com (folder not found)
Failed: FolderDelete C:\Program Files\IntCodec (folder not found)
Failed: FolderDelete C:\Program Files\virusburst (folder not found)
Failed: FolderDelete C:\Program Files\virus-burst (folder not found)
Failed: FolderDelete C:\Program Files\strCodec (folder not found)
Failed: FolderDelete C:\Program Files\vb (folder not found)
Failed: FolderDelete C:\Program Files\virusburster (folder not found)
Failed: FolderDelete C:\Program Files\virusbursters (folder not found)
Script completed.

koemans
22 maart 2007, 21:51
en Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"


sharedtaskkey: aed6f6a3-183c-488d-9f90-23db99f56e7f
---------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aed6f6a 3-183c-488d-9f90-23db99f56e7f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aed6f6a 3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\\WINDOWS\\system32\\geplxss.dll"
"ThreadingModel"="Apartment"







nieuwe blog:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:51:36, on 22/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Video Access ActiveX Object\isamntr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Roguescanfix\BFU.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Gaulthier\Bureaublad\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video Access ActiveX Object\isamntr.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - C:\WINDOWS\system32\geplxss.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://wallpapers.skins.be/nelly-furtado/nelly-furtado-1280x960-25003.jpg

--
End of file - 8527 bytes

Jurgenv1
22 maart 2007, 22:05
Btw: Waar is de log van smitrem gebleven?

koemans
22 maart 2007, 22:07
vind ik niet :( moet ik dat nu opnieuw runnen?

koemans
22 maart 2007, 22:12
maar is er nix spesiaal hoe je gewoon dat ding kan verwijderen?

Jurgenv1
22 maart 2007, 22:27
maar is er nix spesiaal hoe je gewoon dat ding kan verwijderen?

Dat speciaal ding was de smitrem tool...

koemans
22 maart 2007, 22:29
moet ik dat nu opnieuw runnen?

koemans
22 maart 2007, 22:30
en in save modus ? of gewoon?

koemans
22 maart 2007, 22:38
ik heb het net opnieuw gerunt maar krijg geen log oO

Jurgenv1
23 maart 2007, 07:27
Zo te zien lees je mijn posts niet goed of volledig. ;)
Voer mijn stappen uit in de opgegeven volgorde uit en sla niks over.

koemans
23 maart 2007, 20:02
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:00:58, on 23/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\BearFlix\BearFlix.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gaulthier\Bureaublad\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video Access ActiveX Object\isamntr.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - C:\WINDOWS\system32\geplxss.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://wallpapers.skins.be/nelly-furtado/nelly-furtado-1280x960-25003.jpg

--
End of file - 8326 bytes








[B]SMITFILES

smitRem © log file
version 3.2

by noahdfear


Microsoft Windows XP [versie 5.1.2600]
"IE"="6.0000"

Running from
C:\Documents and Settings\Gaulthier\Bureaublad\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C 2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461E F-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aed6f6a 3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\system32\geplxss.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Appinitdll check ........ Thank you Grinler!

dumphive.exe (C)2000-2004 Markus Stephany
REGEDIT4

[Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

XP Firewall allowed access

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2re s.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"="C:\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enGB-downloader.exe"="C:\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe"="C:\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Micr osoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Een DLL-bestand als toepassing starten"
"C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe:*:Enabled:eTrust Antivirus - RPC Server"
"C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe:*:Enabled:eTrust Antivirus - Local Scanner"
"C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe:*:Enabled:eTrust Antivirus - Realtime monitor"
"C:\\Program Files\\CA\\eTrust Antivirus\\InoNmSrv.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\InoNmSrv.exe:*:Enabled:eTrust Antivirus - Admin Server"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enGB-downloader.exe"="C:\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe"="C:\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTor rent"
"C:\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe"="C:\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142 Demo\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142 Demo\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\CA\\eTrust Antivirus\\Shellscn.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\Shellscn.exe:*:Enabled:Shellscn"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:B earShare"
"C:\\Program Files\\BearFlix\\bearflix.exe"="C:\\Program Files\\BearFlix\\bearflix.exe:*:Enabled:BearFlix"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
VirusBursters uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 948 'explorer.exe'
Killing PID 948 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C 2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461E F-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aed6f6a 3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\system32\geplxss.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~



~~~ Wininet.dll ~~~

CLEAN! :)



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:09:13 23/03/2007

+ Scan result:



C:\System Volume Information\_restore{21E8D83E-56B3-4206-994C-119E34EF7B6C}\RP51\A0013199.exe -> Downloader.Zlob.atd : Cleaned with backup (quarantined).
C:\Program Files\Video Access ActiveX Object\iesuninst.exe -> Downloader.Zlob.atj : Cleaned with backup (quarantined).
C:\Program Files\Video Access ActiveX Object\isamini.exe -> Downloader.Zlob.atj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21E8D83E-56B3-4206-994C-119E34EF7B6C}\RP51\A0013200.dll -> Downloader.Zlob.atj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21E8D83E-56B3-4206-994C-119E34EF7B6C}\RP52\A0013210.dll -> Downloader.Zlob.atj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21E8D83E-56B3-4206-994C-119E34EF7B6C}\RP52\A0013258.exe -> Downloader.Zlob.atj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21E8D83E-56B3-4206-994C-119E34EF7B6C}\RP53\A0013268.exe -> Downloader.Zlob.atj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21E8D83E-56B3-4206-994C-119E34EF7B6C}\RP53\A0013418.dll -> Downloader.Zlob.atj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21E8D83E-56B3-4206-994C-119E34EF7B6C}\RP54\A0013462.exe -> Downloader.Zlob.atj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21E8D83E-56B3-4206-994C-119E34EF7B6C}\RP54\A0013469.dll -> Downloader.Zlob.atj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21E8D83E-56B3-4206-994C-119E34EF7B6C}\RP55\A0013474.exe -> Downloader.Zlob.atj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21E8D83E-56B3-4206-994C-119E34EF7B6C}\RP55\A0013478.dll -> Downloader.Zlob.atj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21E8D83E-56B3-4206-994C-119E34EF7B6C}\RP56\A0013488.exe -> Downloader.Zlob.atj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21E8D83E-56B3-4206-994C-119E34EF7B6C}\RP56\A0013493.exe -> Downloader.Zlob.atj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21E8D83E-56B3-4206-994C-119E34EF7B6C}\RP56\A0013497.dll -> Downloader.Zlob.atj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21E8D83E-56B3-4206-994C-119E34EF7B6C}\RP58\A0013513.exe -> Downloader.Zlob.atj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21E8D83E-56B3-4206-994C-119E34EF7B6C}\RP58\A0013515.dll -> Downloader.Zlob.atj : Cleaned with backup (quarantined).
C:\Program Files\Video Access ActiveX Object\isamntr.exe -> Downloader.Zlob.bpn : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.146:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.73:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.74:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.75:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.77:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.52:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.53:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.54:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.30:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Gaulthier\Cookies\gaulthier@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.47:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.48:C:\Documents and Settings\Gaulthier\Application Data\Mozilla\Firefox\Profiles\0n7z6m5z.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{21E8D83E-56B3-4206-994C-119E34EF7B6C}\RP46\A0012996.exe -> Trojan.DNSChanger.ih : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21E8D83E-56B3-4206-994C-119E34EF7B6C}\RP46\A0012999.exe -> Trojan.DNSChanger.ih : Cleaned with backup (quarantined).


::Report end












Incident Status Location

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Gaulthier\Bureaublad\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Gaulthier\Bureaublad\smitRem(2).exe[smitRem/Process.exe]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Gaulthier\Cookies\gaulthier@atdmt[2].txt
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Gaulthier\Cookies\gaulthier@metriweb[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Roguescanfix\Process.exe

koemans
23 maart 2007, 20:04
clean ??

Jurgenv1
23 maart 2007, 21:00
Download roguescanfix_setup (http://users.telenet.be/Beamerke/tools/roguescanfix_setup.exe).

Dubbelklik op roguescanfix_setup om het te installeren.

Na de installatie krijg je de vraag om het programma te laten opstarten. Kies dan JA/YES.

Nota: Deze tool heeft internet connectie nodig zodat het een extra bestand kan downloaden om deze tool te laten werken.
Indien je Firewall een alert geeft, sta het toe en blokkeer het niet
Indien je daarna nog steeds de melding krijgt dat BFU.exe niet aanwezig is, download BFU.exe van hier (http://www.merijn.org/files/bfu.zip).
Unzip het en plaats BFU.exe in de c:\PROGRAM FILES\Roguescanfix-map. Dubbelklik daarna opnieuw op Roguescanfix.bat

Er zal een dosvenster openen met een keuzemenu.
Kies hier optie #1: Run roguescanfix

Deze tool zal sommige ongewenste programma's deïnstalleren en gerelateerde bestanden en registersleutels verwijderen.
Indien sommige bestanden niet kunnen verwijderd worden, zal deze tool vragen of je je pc opnieuw wilt opstarten.
Zorg er wel eerst voor dat het deïnstalleren van de ongewenste programma's voltooid is vooraleer je op 'Yes' klikt om je pc opnieuw te laten opstarten.

Er zal een kladblokbestandje openen. Plaats de inhoud van dat bestandje in je volgende antwoord, samen met een nieuw logje van Hijackthis.
(Het bestandje vind je ook in c:\program files\roguescanfix\task.txt)

koemans
23 maart 2007, 21:22
maar die dinges zegt dat die trojan weg is o,O

Jurgenv1
23 maart 2007, 21:33
maar die dinges zegt dat die trojan weg is o,O

Welke 'dinges'? Ik snap niet waarom je zo tegenwerkt, het is zo gepiept hoor, het ergste is al voorbij. :niceone:

koemans
23 maart 2007, 21:41
ma kwil game :d

Jurgenv1
23 maart 2007, 21:57
ma kwil game :d

Doet het van eerste keer goed, want het is de bedoeling dat je maar 1 keer ziet, snappie. ;)

Voer het gewoon uit en we zien wel; als je pc clean is zal het veel aangenamer zijn en zal ik wel paar tips geven om problemen in de toekomst te vermijden.

koemans
23 maart 2007, 22:40
Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"


sharedtaskkey: aed6f6a3-183c-488d-9f90-23db99f56e7f
---------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aed6f6a 3-183c-488d-9f90-23db99f56e7f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aed6f6a 3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\\WINDOWS\\system32\\geplxss.dll"
"ThreadingModel"="Apartment"



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:40:20, on 23/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\BearFlix\BearFlix.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Roguescanfix\BFU.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Gaulthier\Bureaublad\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video Access ActiveX Object\isamntr.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - C:\WINDOWS\system32\geplxss.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://wallpapers.skins.be/nelly-furtado/nelly-furtado-1280x960-25003.jpg

--
End of file - 8440 bytes

Jurgenv1
23 maart 2007, 23:36
Je kan beter deze instructies opslaan omdat je pc zal moeten herstarten.
Download Wareoutfix van één van deze twee site's:

http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Sla het op op je bureaublad en laat het runnen. Klik dan op Next, dan op Install, wees zeker dat "Run fixit" is aangevinkt en klik op Finish. De fix zal beginnen; volg de instructies die je krijgt. Er zal gevraagd worden of je je pc wilt herstarten; doe dit ook. Je computer zal nu wat trager opstarten, dit is normaal


Wanneer het bureaublad verschenen is, zal je een tekstbestandje zien te voorschijn komen. Start nu roguescanfix opnieuw, en kies nu voor optie #2: Run sharedtasksrem.
Er zal een kladblokbestandje openen. Plaats de inhoud van dat bestandje in je volgende antwoord + de inhoud van Fixwareout (report.txt)

koemans
24 maart 2007, 09:56
ROGUESCANFIX LOGFILE


--- Export SharedTaskScheduler key ---

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"



--- Export SSODL key ---

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"



--- sharedtaskkey (1): aed6f6a3-183c-488d-9f90-23db99f56e7f ---

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aed6f6a 3-183c-488d-9f90-23db99f56e7f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aed6f6a 3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\\WINDOWS\\system32\\geplxss.dll"
"ThreadingModel"="Apartment"

checking for files:
geplxss.dll NOT found


--- Cleaning process finished! ---



--- Export SharedTaskScheduler key after cleaning process ---

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"




--- Export SSODL key ---


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"


Finished!






Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdgol.exe"

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"GBB36X Configure"="C:\\WINDOWS\\system32\\JMRaidTool.exe boot"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
@=""
"Launch LGDCore"="\"C:\\Program Files\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
"Launch LCDMon"="\"C:\\Program Files\\Logitech\\G-series Software\\LCDMon.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"BearFlix"="\"C:\\Program Files\\BearFlix\\BearFlix.exe\" /pause"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.248 0\\GoogleToolbarNotifier.exe"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

Jurgenv1
24 maart 2007, 11:58
Kan ik een nieuw hijackthis logje zien?

koemans
24 maart 2007, 13:08
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:07:46, on 24/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\BearFlix\BearFlix.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gaulthier\Bureaublad\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://wallpapers.skins.be/nelly-furtado/nelly-furtado-1280x960-25003.jpg

--
End of file - 8092 bytes

Jurgenv1
24 maart 2007, 13:41
* Ga naar start==<configuratiescherm==>software en deïnstalleer:
bearshare <== installeert malware met zich mee: http://p2p.malwareremoval.com/index.html

Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

Download Java Runtime Environment (JRE) 6.0 (http://java.sun.com/javase/downloads/index.jsp).
Scroll omlaag naar : "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Klik op de "Download" knop aan de rechterkant.
Vink aan: "Accept License Agreement".
De pagina zal herladen.
Klik op de link om Windows Offline Installation te downloaden met Meerdere-talen, en bewaar het naar je Bureaublad.
Sluit alle programma's die eventueel open zijn - Zeker je web browser!
Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
Herhaal dit tot alle oudere versies verdwenen zijn.
Na het verwijderen van alle oudere versies, herstart je pc.
Dubbelklik vervolgens op jre-6-windows-i586.exe op je Bureaublad om de nieuwste versie van Java te installeren.

* Open hijackthis en vink volgende regels aan:

O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\..\{346BB2EB-C29A-408F-AA18-31DCF4504EFA}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69

* Sluit dan alle vensters behalve hijackthis en klik op 'fix checked'

* Verwijder volgende map indien aanwezig:

C:\Program Files\BearShare applications

* Herstart je pc en post een nieuw hijackthis logje hier en vertel hoe alles verder werkt.

koemans
24 maart 2007, 16:09
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:06:40, on 24/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Gaulthier\Bureaublad\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://wallpapers.skins.be/nelly-furtado/nelly-furtado-1280x960-25003.jpg

--
End of file - 7056 bytes


alles werkt goed denk ik zover maar men wow start redelijk traag op nu :s :doh:

koemans
24 maart 2007, 16:13
ik heb nu jre java 1.6.0

Jurgenv1
24 maart 2007, 17:32
* Fix de volgende regel in hijacktis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

* Sluit alle open programma's (ook je browsers dus) en laat ATF cleaner nogmaals runnen, daarna doe je eens een schijfdefragmentatie.

koemans
24 maart 2007, 18:33
Volume (C:)
Volumegrootte = 233 GB
Clustergrootte = 4 kB
Gebruikte ruimte = 35,08 GB
Beschikbare ruimte = 198 GB
Percentage vrije ruimte = 84 %

Volumefragmentatie
Totale fragmentatie = 0 %
Bestandsfragmentatie = 0 %
Fragmentatie van vrije ruimte = 0 %

Bestandsfragmentatie
Totaal aantal bestanden = 40.385
Gemiddelde bestandsgrootte = 1 MB
Totaal aantal gefragmenteerde bestanden = 0
Totaal aantal overtollige fragmenten = 0
Gemiddeld aantal fragmenten per bestand = 1,00

Fragmentatie van wisselbestand
Wisselbestandsgrootte = 1,50 GB
Totaal aantal fragmenten = 1

Mapfragmentatie
Totaal aantal mappen = 3.987
Gefragmenteerde mappen = 1
Overtollige mapfragmenten = 0

MFT-fragmentatie
Totale grootte van MFT = 52 MB
Aantal MFT-records = 44.621
Percentage van MFT dat in gebruik is = 83 %
Totaal aantal MFT-fragmenten = 2

--------------------------------------------------------------------------------
Fragmenten Bestandsgrootte Bestanden die niet kunnen worden gedefragmenteerd
Geen





NIEUWE hijackthis


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:33:28, on 24/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gaulthier\Bureaublad\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://wallpapers.skins.be/nelly-furtado/nelly-furtado-1280x960-25003.jpg

--
End of file - 6916 bytes

Jurgenv1
24 maart 2007, 19:16
Ziet er goed uit, zijn er nog problemen?

koemans
24 maart 2007, 19:33
nope thx alot :)

Jurgenv1
24 maart 2007, 19:44
No prob.

koemans
24 maart 2007, 23:30
ge ging my nog wa hints geven remember? :D

Jurgenv1
25 maart 2007, 01:13
:tongue: :tongue: ;)

Nog een paar tips om problemen te voorkomen in de toekomst:

Installeer alvast volgende GRATIS programmatjes indien je ze nog niet hebt:

Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html)
Adaware se (http://www.majorgeeks.com/download506.html)
Spybot s&d (http://www.safer-networking.org/en/index.html)


Tijdens het surfen, klik niet overal klakkeloos op ja als je dit gevraagd wordt... doe dit enkel wanneer je het volledig vertrouwt.

En kies eventueel een alternatieve browser zoals Opera (http://www.opera.com) of Firefox (http://www.mozilla.org/products/firefox/).

En ik raad je ook aan om af en toe een online virusscan uit te voeren. housecall (http://housecall.trendmicro.com/) en/of Bitdefender (http://nl.bitdefender.com/scan8/). Want, wat de ene scanner niet kan vinden, kan een andere misschien wel.
Zorg er ook voor dat je virusscanner die op je systeem geïnstalleerd is altijd up to date is!!

En... geregeld eens een bezoekje brengen aan: http://windowsupdate.microsoft.com/

Bekijk ook eens deze 2 filmpjes.. Heel interessant:
http://www2.trosradar.nl/mediaplayer/player.php?videoID=524&mode=dossier#
http://www.benedelman.org/spyware/security-111804.wmv


Meer preventietips zijn ook op volgende sites te vinden:

http://www.bluemedicine.be
http://users.telenet.be/marcvn/spyware
How did I get infected in the first place (http://castlecops.com/postitle7736-0-0-.html) (article by TonyKlein)
Het voorkomen van spyware-infecties en browserhijacking (http://www.antispywareoffensief.nl/forum/showthread.php?t=55)