Volledige versie bekijken : Hijackthis log van flashke
Flashke 30 July 2006, 20:17 Verplaatst naar hijackthis logs.
Logfile of HijackThis v1.99.1
Scan saved at 20:11:20, on 30/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\{780F764F-0A2D-1043-0714-030418030020}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\WINDOWS\FlyakiteOSX\Software\Alt+Q Hotkey.exe
C:\Program Files\SearchSpy\SearchSpyMenu.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.carp.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {682E71DE-7B9D-42EF-A333-E738CC6DD5C8} - C:\WINDOWS\system32\mlljh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\FlyakiteOSX\Software\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [SearchSpy] C:\Program Files\SearchSpy\SearchSpyMenu.exe
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O18 - Protocol: bw+0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\rundll32.dll
O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
jurgenv 31 July 2006, 01:00 Download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) naar je bureaublad.
Dubbelklik VundoFix.exe om het te starten.
Zet een vinkje naast: Run VundoFix as a task.
Je zal een melding krijgen dat Vundofix zal sluiten en daarna terug openen. Klik OK
Wanneer VundoFix opnieuw opent, klik de Scan for Vundo knop.
Eenmaal gedaan met scannen, klik de Remove Vundo knop.
Je zal een melding krijgen of je de bestanden wilt laten verwijderen, klik YES
Nadat je Yes hebt geklikt, zullen de icoontjes op je bureaublad verdwijnen tijdens het verwijderen van Vundo.
Wanneer voltooid zal je de melding krijgen dat het je PC zal afsluiten, klik OK.
Start je pc terug opnieuw op.
Post de inhoud van C:\vundofix.txt en een nieuwe hijackthislog in je volgende post.
Flashke 31 July 2006, 17:56 Hier is de log van vundofix :
VundoFix V5.1.6
Running as SYSTEM
from c:\windows\system32\VundoFix.exe
Checking Java version...
Java version is 1.5.0.6
Scan started at 17:49:01 31/07/2006
Listing files found while scanning....
No infected files were found.
Beginning removal...
En dit is het hijackthis log : zoals ik het kan zien is het idem als de vorige:
Logfile of HijackThis v1.99.1
Scan saved at 17:56:09, on 31/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\{780F764F-0A2D-1043-0714-030418030020}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\FlyakiteOSX\Software\Alt+Q Hotkey.exe
C:\Program Files\SearchSpy\SearchSpyMenu.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Eset\nod32krn.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.carp.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {F6029539-B675-4838-BC9D-59ED2605A1FD} - C:\WINDOWS\system32\mlljh.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\FlyakiteOSX\Software\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [SearchSpy] C:\Program Files\SearchSpy\SearchSpyMenu.exe
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O18 - Protocol: bw+0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {86EDE101-548E-4A61-B380-405EA5C9644D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\rundll32.dll
O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Mvg
Peter
jurgenv 31 July 2006, 18:18 * Als je logitech desktop messenger niet echt gebruikt, dan raad ik je aan die te de-installeren omdat dit onnodig je systeem vertraagd, het zoekt namelijk naar updates voor je logitech producten terwijl dit prefect handmatig kan zonder zo te vertragen.
1. Download The Avenger (http://swandog46.geekstogo.com/avenger.zip) by Swandog46 naar je Bureaublad. Klik op Avenger.zip om het uit te pakken naar je bureaublad
2. Nu, start The Avenger door op het icoontje met het zwaard te dubbelklikken. Onder "Script file to execute" kies "Input Script Manually". Klik op het vergrootglas icoontje die een niew venster zal openen met de naam "View/edit script" Kopieer en plak volgend volledig vetgedrukt erin:
Files to delete:
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\hjllm.dll
Opgelet: Bovenstaande code werd enkel gemaakt voor deze computer/situatie/user. Indien je deze code op een andere computer gebruikt kan het schade toebrengen!
Klik Done Daarna klik op het Groen verkeerslicht om het script uit te voeren Antwoord "Yes/Ja" wanneer daarnaar gevraagd wordt.
3. The Avenger zal daarna het volgende doen: Uw computer herstarten. ( In gevallen waar het script een code bevat met "Drivers to Unload", dan zal The Avenger tweemaal uw systeem herstarten) Na herstart, zal het vlug een zwart command window openen. Dit is normaal. Na herstart, zal het een log maken die zal openen met de resultaten van The Avenger. Deze log zal te vinden zijn op C:\avenger.txt The Avenger maakt ook backups aan met alle bestanden, etc., die eerder werden verwijderd door The Avenger, deze backups bevinden zich op volgende plaats: C:\avenger\backup.zip.
4. Kopieer en plak de inhoud van avenger.txt in je volgende post samen met een nieuw hijackthislog.
Flashke 1 August 2006, 17:37 Hijackthislogje :
Logfile of HijackThis v1.99.1
Scan saved at 17:35:38, on 1/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\{780F764F-0A2D-1043-0714-030418030020}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\YzShadow\YzShadow.exe
C:\WINDOWS\FlyakiteOSX\Software\Alt+Q Hotkey.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SearchSpy\SearchSpyMenu.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.carp.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E0F810CA-BBE3-43CA-B674-4751D4747B1E} - C:\WINDOWS\system32\mlljh.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\FlyakiteOSX\Software\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [SearchSpy] C:\Program Files\SearchSpy\SearchSpyMenu.exe
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\rundll32.dll
O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Avengerlogje :
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Service s\jbiojkqg
*******************
Script file located at: \??\C:\WINDOWS\rummyohp.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\mlljh.dll deleted successfully.
File C:\WINDOWS\system32\hjllm.dll not found!
Deletion of file C:\WINDOWS\system32\hjllm.dll failed!
Could not process line:
C:\WINDOWS\system32\hjllm.dll
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
Heb de indruk dat de pc alweer een pak sneller werkt. KOmt dit door het verwijderen van die logitech dinges???
Mvg
Peter
Ps : de security pop-ups blijven echter komen... ( security alert...) :(
jurgenv 2 August 2006, 12:29 * Je kan deze instructies best uitprinten of opslaan in een kladblokbestand, want straks zal je in veilige modus
moeten gaan werken, en dan is deze pagina niet beschikbaar (geen internet)
* Download smitRem.exe (http://www.downloads.subratam.org/smitRem.exe) en sla dit op op het Bureaublad.
Dubbelklik op het bestand en pak het uit naar zijn eigen map op het Bureaublad.
* Download en installeer Ewido Anti-Spyware 4.0 (http://www.ewido.net/en/download/).
Na de installatie, open Ewido Anti-Spyware 4.0:
* onder "Status", klik op Change state naast "Resident shield".
* onder "Update", klik op de Start update knop.
* onder "Scanner", tab "Settings":- onder "How to act?", klik op "Recommended actions" en selecteer Quarantine.
- onder "Reports", selecteer Automatically generate report after every scan en verwijder het vinkje bij Only if threats were found
Sluit Ewido. Laat het nog niet scannen.
* Als je Adaware SE nog niet geïnstalleerd hebt, download, installeer en update het dan volgens de richtlijnen
die je kan vinden op: http://users.pandora.be/marcvn/spyware/1414188.htm
* Start je computer op in VEILIGE MODUS (http://users.pandora.be/marcvn/spyware/1378056.htm)
* open hijackthis en vink volgende regels aan:
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {E0F810CA-BBE3-43CA-B674-4751D4747B1E} - C:\WINDOWS\system32\mlljh.dll (file missing)
O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)
* sluit dan alle vensters behalve hijackthis en klik op 'fix checked'
* Open de smitrem-map op je bureaublad, en dubbelklik op RunThis.bat. Volg de aanwijzigingen op het scherm.
Je bureaublad en ikoontjes zullen even verdwijnen en daarna terug verschijnen, dit is normaal.
Wacht tot het tooltje zijn werk heeft gedaan en Disk Cleanup afgelopen is. Dit kan enige tijd duren, dus wees geduldig.
* Voer een volledige scan uit met Adaware en verwijder alles wat gevonden wordt.
open ewido en klik op de Scanner tab bovenaan en klik dan op Complete System Scan. Deze scan zal heel je systeem afcannen dus dit kan een tijdje duren
Ewido zal alle geïnfecteerde objecten aan de linkerkant tonen. Waneer de scan gedaan is, zal het alles naar de 'Quarantine' optie zetten. klik dan op de Apply all actions knop. Ewido zal dan het volgend bericht tonen aan de rechterkant: "All actions have been applied"
Klik dan op "Save Report", en dan op "Save Report As". dit zal een rapport maken Wees zeker dat je het rapport makkelijk kunt terugvinden (ijvoorbeeld op je bureaublad).
* Ga dan naar Start -> configuratiescherm -> vormgeving en thema's -> bureaublad ->bureaublad aanpassen -> Website -> haal het vinkje weg bij "Security Info" als het er nog staat.
* Herstart je computer in normale modus.
* Download ATF cleaner (http://www.atribune.org/ccount/click.php?id=1) (by Atribune)
Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.
Gebruik je ook Firefox als browser:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit verwijdert het vinkje bij "Firefox saved passwords")
Klik op de knop Empty Selected.
Gebruik je ook Opera als browser:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.
* Doe een online scan via Panda's online virus scan (http://www.pandasoftware.com/activescan/com/activescan_principal.htm) en bewaar het rapport dat je krijgt na het scannen
* Herstart je pc nogmaals en plaats dan een nieuw logje van Hijackthis, samen met het rapport van Ewido en Panda, Post de log van de smitRem tool, die je hier kan vinden: C:\smitfiles.txt.
Flashke 2 August 2006, 23:03 Hojackthislogje:
Logfile of HijackThis v1.99.1
Scan saved at 23:01:00, on 2/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\YzShadow\YzShadow.exe
C:\WINDOWS\FlyakiteOSX\Software\Alt+Q Hotkey.exe
C:\Program Files\SearchSpy\SearchSpyMenu.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.carp.be
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\FlyakiteOSX\Software\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [SearchSpy] C:\Program Files\SearchSpy\SearchSpyMenu.exe
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\rundll32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Ewido logje :
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 22:09:14 2/08/2006
+ Scan result:
HKU\S-1-5-21-1957994488-1592454029-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-1957994488-1592454029-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{873eb32d-ae1a-4183-89bd-45a77f761be4} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1957994488-1592454029-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Common Files\aѕsembly\nѕlookup.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gebbyxx.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pmnqguh.Vdll -> Not-A-Virus.Hoax.Win32.Renos.dw : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
C:\Documents and Settings\Peter\Cookies\peter@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
C:\Documents and Settings\Peter\Cookies\peter@com[2].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.252:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Cqcounter : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
:mozilla.416:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Etracker : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Peter\Cookies\peter@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.425:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.426:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.427:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.428:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
C:\Documents and Settings\Peter\Cookies\peter@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
:mozilla.293:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.294:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.295:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.296:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.297:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.298:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.299:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.171:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
C:\Documents and Settings\Peter\Cookies\peter@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.318:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.319:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.320:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.321:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.264:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
:mozilla.277:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.278:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.381:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Realtracker : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.109:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.254:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.255:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.256:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.257:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.258:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.259:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.260:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.261:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.322:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.323:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.324:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.325:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.335:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.336:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Peter\Cookies\peter@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Peter\Cookies\peter@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.354:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.355:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.356:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.357:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.358:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.359:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.360:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.361:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.362:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.363:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.364:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.365:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.482:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
C:\Documents and Settings\Peter\Cookies\peter@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Peter\Cookies\peter@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Nathalie\Local Settings\Temp\oynipdat.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINDOWS\Οracle\csrss.exe -> Trojan.PurityAd : Cleaned with backup (quarantined).
D:\diverse software\Update Windows LegitCheck2 dll\Update Windows LegitCheck2 dll.exe -> Trojan.Ransom.a : Cleaned with backup (quarantined).
::Report end
Panda logje:
Incident Status Location
Potentially unwanted tool:application/mywebsearch Not disinfected c:\windows\system32\f3PSSavr.scr
Potentially unwanted tool:application/zango Not disinfected c:\program files\Zango Programs
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/sidesearch Not disinfected Windows Registry
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Nathalie\Cookies\nathalie@go[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\dy29tf7v.default\coo kies.txt[.fe.lea.lycos.fr/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Peter\Bureaublad\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Peter\Bureaublad\smitRem.exe[smitRem/Process.exe]
Adware:Adware/DollarRevenue Not disinfected C:\Program Files\BitTorrent\uninstall.exe[²ÜÇ\System.dll]
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Common Files\{780F764F-0A2D-1043-0714-030418030020}\services.dll
Adware:Adware/MediaTickets Not disinfected C:\Program Files\Cowabanga\uninstaller.exe
Adware:Adware/MaxFiles Not disinfected C:\Program Files\ipwins\ipwins.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\ipwins\Uninst.exe
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MSN Messenger\riched20.dll
Adware:Adware/DollarRevenue Not disinfected C:\Program Files\TClock\tclock_install.exe[²ÜÇ\System.dll]
Potentially unwanted tool:Application/Zango Not disinfected C:\Program Files\Zango Programs\Zango Toolbar\ZangoTBUninstaller.exe
Spyware:Spyware/MarketScore Not disinfected C:\WINDOWS\system32\cemetrix.dll
Adware:Adware/DollarRevenue Not disinfected D:\diverse software\BitTorrent-4.20.2.exe[²ÜÇ\System.dll]
Hacktool:HackTool/Flood Not disinfected D:\diverse software\MillenniumSE_261203.exe[MillenniumSE_v1.41_261203\system\dll\html.dll]
Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected D:\diverse software\MillenniumSE_261203.exe[MillenniumSE_v1.41_261203\system\dll\moo.dll]
Hacktool:HackTool/Flood Not disinfected D:\diverse software\mpp710rc5_full.exe[nHTMLn.dll]
Potentially unwanted tool:Application/Leaktest.A Not disinfected D:\diverse software\mpp710rc5_full.exe[leaktest.exe]
Hacktool:HackTool/Flood Not disinfected D:\diverse software\mpp710rc5_full.exe[nHTMLn.dll]
Panda logje:
smitRem © log file
version 3.1
by noahdfear
Microsoft Windows XP [versie 5.1.2600]
"IE"="6.0000"
Running from
C:\Documents and Settings\Peter\Bureaublad\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C 2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461E F-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
checking for drsmartload2 key
drsmartload2 key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
Online Security Guide.url
Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url
~~~ Favorites ~~~
Antivirus Test Online.url
~~~ system32 folder ~~~
ixt*.dll
amcompat.tlb
nscompat.tlb
logfiles
~~~ Icons in System32 ~~~
ot.ico
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 784 'explorer.exe'
Killing PID 784 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C 2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461E F-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! :)
jurgenv 3 August 2006, 00:01 * Verwijder volgende map:
C:\program files\Zango Programs
C:\Program Files\Common Files\{780F764F-0A2D-1043-0714-030418030020}
C:\Program Files\Cowabanga
C:\Program Files\ipwins
C:\Program Files\TClock
* Download Killbox (http://www.downloads.subratam.org/KillBox.exe).
Klik op killbox.exe.
Kies de optie: "Delete on reboot".
Kopieer het volgende vetgedrukt deel:
c:\windows\system32\f3PSSavr.scr
C:\Program Files\MSN Messenger\riched20.dll
C:\WINDOWS\system32\cemetrix.dll
Open 'file' in het killboxmenu bovenaan en kies: Paste from clipboard
Je zal zien, het bovenstaande vetgedrukte zal staan in het "Full Path of File to Delete"-veld.
Er is een klein pijltje naast dat veld. Als je daarop klikt zal je al die bovenstaande lijntjes (indien bestanden aanwezig) die je gekopieerd hebt zien staan (dit is alvast de bedoeling)
Klik op de knop: All files (!Belangrijk!)
Daarna, Klik op de rode cirkel met het wit kruisje erin.
Killbox zal zeggen dat deze file zal verwijderd worden on reboot.. vraagt om nu te rebooten. Klik YES.
Je pc moet nu rebooten.
* Post dan een nieuw hijackthis logje hier.
Flashke 3 August 2006, 15:49 Nieuw Hijack-logje:
Logfile of HijackThis v1.99.1
Scan saved at 15:49:07, on 3/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\FlyakiteOSX\Software\Alt+Q Hotkey.exe
C:\Program Files\SearchSpy\SearchSpyMenu.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.carp.be
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\FlyakiteOSX\Software\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [SearchSpy] C:\Program Files\SearchSpy\SearchSpyMenu.exe
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\rundll32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Mvg
Peter
jurgenv 3 August 2006, 15:54 Ik vermoed dat SearchSpy een dubieus antispyware progje is? Als je niet weet wat het op je pc doet dan raad ik je aan het te de-installeren. :)
Flashke 3 August 2006, 18:45 Zo se, is bij deze gebeurd. Moet zeggen dat mijn pc voor 't ogenblik supervlot loopt !! Als je ooit in de buurt van Tongeren komt laat je maar wat weten, zal ik je een dikke pint ofzo betalen !!!
Dikke Merci !!!!
Mvg
Peter
jurgenv 3 August 2006, 18:47 Graag gedaan hoor. ;)
Nog een paar tips om problemen te voorkomen in de toekomst:
Installeer alvast volgende GRATIS programmatjes indien je ze nog niet hebt:
Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html)
Adaware se (http://www.majorgeeks.com/download506.html)
Spybot s&d (http://www.safer-networking.org/en/index.html)
Tijdens het surfen, klik niet overal klakkeloos op ja als je dit gevraagd wordt... doe dit enkel wanneer je het volledig vertrouwt.
En kies eventueel een alternatieve browser zoals Opera (http://www.opera.com) of Firefox (http://www.mozilla.org/products/firefox/).
En ik raad je ook aan om af en toe een online virusscan uit te voeren. housecall (http://housecall.trendmicro.com/) en/of Bitdefender (http://www.bitdefender.com/scan/licence.php). Want, wat de ene scanner niet kan vinden, kan een andere misschien wel.
Zorg er ook voor dat je virusscanner die op je systeem geïnstalleerd is altijd up to date is!!
En... geregeld eens een bezoekje brengen aan: http://windowsupdate.microsoft.com/
Bekijk ook eens deze 2 filmpjes.. Heel interessant:
http://www2.trosradar.nl/mediaplayer/player.php?videoID=524&mode=dossier#
http://www.benedelman.org/spyware/security-111804.wmv
Meer preventietips zijn ook op volgende sites te vinden:
http://www.bluemedicine.be
http://users.telenet.be/marcvn/spyware
How did I get infected in the first place (http://castlecops.com/postitle7736-0-0-.html) (article by TonyKlein)
Het voorkomen van spyware-infecties en browserhijacking (http://www.antispywareoffensief.nl/forum/showthread.php?t=55)
|
|