View full version: please take a look



guillaume520
4 July 2006, 12:11
Hey, my father's computer is full of spyware. Could you take a look?



Logfile of HijackThis v1.99.1
Scan saved at 12:11:05, on 4/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SnVsaWVuIFdleW5hbnRz\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\winupdates\winupdates.exe
C:\dfndrc_4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SSTEM~1\msconfig.exe
C:\Program Files\Common Files\s?mbols\l?gonui.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\msconfig.exe
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\svchost.exe
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\taskmgr.exe
C:\Program Files\NetMeeting\wWB32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/be/nlb/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/be/nlb/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrc_4.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_4.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmc_4.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\SSTEM~1\msconfig.exe" -vt yazr
O4 - HKCU\..\Run: [Nfdwzg] C:\Program Files\Common Files\s?mbols\l?gonui.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: msconfig.exe
O4 - Global Startup: svchost.exe
O4 - Global Startup: taskmgr.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.telenet.be/sys/tisp/ocx/PlaNetSysInfo.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://gamezone.telenet.be/static/ocx/ExentCtl.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122545972815
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmc.dll C:\WINDOWS\system32\msdtc.dll
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\p4n80e5ueh.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SnVsaWVuIFdleW5hbnRz\command.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

jurgenv
4 July 2006, 13:52
* Download Alcanshorty (http://users.telenet.be/Beamerke/tools/alcanshorty_nl.exe) and place it on your desktop.

Double-click alcanshorty_nl to install it.

Then open the alcanshorty_nl folder and double-click run.bat.

The icons on your desktop will disappear and then reappear. This is normal.

Wait for the "Completed script execution" message and click "OK".

Close BFU by clicking "EXIT".

* Download Look2Me-Destroyer.exe (http://www.atribune.org/ccount/click.php?id=7) to your desktop.
Close all open windows.
Double-click Look2Me-Destroyer.exe to start it.
Put a check mark next to Run this program as a task.
You will get a message saying: 'Look2Me-Destroyer will close and re-open in approximately 10 seconds'. Click OK.
When Look2Me-Remover reopens, click the Scan for L2M button.
Your desktop icons and taskbar will disappear; this is normal.
Once the scan has finished, click the Remove L2M button.
You will get the message Done Scanning; click OK.
Afterwards you will get the following message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer. Click OK.
Your computer will then shut down.
Start your computer again.
Post the contents of C:\Look2Me-Destroyer.txt together with a new HijackThis log.
If you get an alert from your firewall that this program is trying to access the internet, allow it and do not block it!

If you get a runtime error '339', download MSWINSCK.OCX via the link below and place it in your C:\Windows\System32 folder.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

guillaume520
16 July 2006, 11:09
OK, I will do that. I am at home now and I don't have my father's computer with me, so I will do it when I stop by.

guillaume520
18 July 2006, 17:49
Hey,

When I want to open the alcanshorty_nl folder and I click run.bat, it gives the error message: "Dit bestand wordt momenteel door een ander programma gebruikt."

Why is that?

jurgenv
18 July 2006, 18:08
Try L2Mdestroyer first and then Alcanfix. :)

guillaume520
18 July 2006, 18:28
Here is my HijackThis log.


Logfile of HijackThis v1.99.1
Scan saved at 18:21:53, on 18/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\dfndrac_6.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Common Files\{9899851A-07CA-1043-1002-020105290020}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SSTEM~1\msconfig.exe
C:\Documents and Settings\guillaume\Application Data\T?sks\r?ndll32.exe
C:\PROGRA~1\COMMON~1\miwq\miwqm.exe
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\msconfig.exe
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\svchost.exe
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\taskmgr.exe
C:\WINDOWS\SnVsaWVuIFdleW5hbnRz\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\Tijdelijke map 4 voor hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/be/nlb/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/be/nlb/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] C:\\dfndrac_6.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdaca_6.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmac_6.exe
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Adru] "C:\PROGRA~1\SSTEM~1\msconfig.exe" -vt yazr
O4 - HKCU\..\Run: [Dffmrnt] C:\Documents and Settings\guillaume\Application Data\T?sks\r?ndll32.exe
O4 - HKCU\..\Run: [miwq] C:\PROGRA~1\COMMON~1\miwq\miwqm.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: msconfig.exe
O4 - Global Startup: svchost.exe
O4 - Global Startup: taskmgr.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.telenet.be/sys/tisp/ocx/PlaNetSysInfo.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://gamezone.telenet.be/static/ocx/ExentCtl.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122545972815
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmc.dll C:\WINDOWS\system32\msdtc.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SnVsaWVuIFdleW5hbnRz\command.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


And here is my Look2Me-Destroyer log.



Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 18/07/2006 18:09:02
Infected! C:\WINDOWS\system32\m2po0c73ef.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP475\A0066885.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP475\A0066887.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP476\A0066905.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP478\A0066937.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP479\A0066952.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP480\A0066960.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP480\A0066964.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP481\A0068322.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP481\A0068442.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP482\A0068460.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP484\A0068572.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP484\A0068587.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0068627.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0068668.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0068837.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0068838.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0068840.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0068917.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0069758.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0071140.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0072116.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073119.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073138.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073155.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073159.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073173.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073177.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073191.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073195.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073269.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073306.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073330.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073356.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073360.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073678.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073691.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP489\A0076756.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP489\A0076757.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP489\A0076782.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP489\A0076801.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP489\A0076802.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP489\A0076824.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP489\A0076828.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP489\A0076849.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP492\A0077295.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP492\A0077327.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP492\A0077335.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP492\A0077336.dll
Infected! C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP492\A0077346.dll
Infected! C:\WINDOWS\SYSTEM32\dgsrslvr.dll
Infected! C:\WINDOWS\SYSTEM32\e002lado1d0c.dll
Infected! C:\WINDOWS\SYSTEM32\en26l1fs1.dll
Infected! C:\WINDOWS\SYSTEM32\gp62l3jo1.dll
Infected! C:\WINDOWS\SYSTEM32\hpj0231mg.dll
Infected! C:\WINDOWS\SYSTEM32\ir28l5fu1.dll
Infected! C:\WINDOWS\SYSTEM32\j00slad71d0.dll
Infected! C:\WINDOWS\SYSTEM32\kirberos.dll
Infected! C:\WINDOWS\SYSTEM32\m4280efueh280.dll
Infected! C:\WINDOWS\SYSTEM32\mv4ul9h91.dll
Infected! C:\WINDOWS\SYSTEM32\nqtshell.dll
Infected! C:\WINDOWS\SYSTEM32\q286lcls1fq6.dll
Infected! C:\WINDOWS\SYSTEM32\sivsvc.dll
Infected! C:\WINDOWS\system32\guard.tmp
Attempting to delete infected files...
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP475\A0066885.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP475\A0066885.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP475\A0066887.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP475\A0066887.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP476\A0066905.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP476\A0066905.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP478\A0066937.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP478\A0066937.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP479\A0066952.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP479\A0066952.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP480\A0066960.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP480\A0066960.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP480\A0066964.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP480\A0066964.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP481\A0068322.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP481\A0068322.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP481\A0068442.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP481\A0068442.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP482\A0068460.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP482\A0068460.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP484\A0068572.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP484\A0068572.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP484\A0068587.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP484\A0068587.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0068627.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0068627.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0068668.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0068668.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0068837.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0068837.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0068838.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0068838.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0068840.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0068840.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0068917.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0068917.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0069758.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP485\A0069758.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0071140.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0071140.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0072116.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0072116.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073119.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073119.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073138.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073138.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073155.dll
C:\System Volume Information\_restore{DA307427-8111-448A-B456-ADC5B22966F7}\RP488\A0073155.dll Deleted successfully!
Making registry repairs.
Restoring Windows certificates.
Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administrators - Succeeded


but alcanshorty_nl still gives the error message: "Dit bestand wordt momenteel door een ander programma gebruikt." (This file is currently in use by another program.)

jurgenv
18 July 2006, 18:39
Try it in SAFE MODE (http://users.pandora.be/marcvn/spyware/1378056.htm). :)

guillaume520
20 July 2006, 10:39
hey,

in safe mode it works

but when the window of the run.bat program is open, there is first some text, and at the end it says you have to press a button to continue. I do that and then it is busy, and then at the bottom of that window it says: "BFU.exe is niet aanwezig" (BFU.exe is not present)

why is that and how do I fix it?

jurgenv
20 July 2006, 15:03
Never mind, we'll try it a different way. :)

* Download and install Ewido Anti-Spyware 4.0 (http://www.ewido.net/en/download/).
After installation, open Ewido Anti-Spyware 4.0:
* under "Status", click Change state next to "Resident shield".
* under "Update", click the Start update button.
* under "Scanner", "Settings" tab:
- under "How to act?", click "Recommended actions" and select Quarantine.
- under "Reports", select Automatically generate report after every scan and uncheck Only if threats were found
Close Ewido. Do not let it scan yet.

* If you have not installed Adaware SE yet, download, install and update it following the guidelines
you can find at: http://users.pandora.be/marcvn/spyware/1414188.htm

* Start your computer in SAFE MODE (http://users.pandora.be/marcvn/spyware/1378056.htm)

* Run a full scan with Adaware and remove everything it finds.


Open Ewido, click the Scanner tab at the top and then click Complete System Scan. This scan will check your entire system, so it can take a while.
Ewido will show all infected objects on the left-hand side. When the scan is done, it will set everything to the 'Quarantine' option. Then click the Apply all actions button. Ewido will then show the following message on the right-hand side: "All actions have been applied"
Then click "Save Report", and then "Save Report As". This will create a report. Make sure you can easily find the report again (for example on your desktop).


* Start your PC normally again

* Download ATF cleaner (http://www.atribune.org/ccount/click.php?id=1) (by Atribune)

Double-click ATF cleaner to start the program.
On the "Main" tab, check Select All.
Click the Empty Selected button.

If you also use Firefox as a browser:
Click the "Firefox" tab, check Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the check mark at "Firefox saved passwords")
Click the Empty Selected button.

If you also use Opera as a browser:
Click the "Opera" tab, check Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.

* Then post a new HijackThis log here together with the Ewido report.