View full version: hijack this log



duifhuis
27 July 2005, 14:09
Hi, this is the log from my little brother's PC. It's a mess, wow. Can someone help, please? There's a lot of junk on it.
Thanks in advance
Regards
duifhuis

Logfile of HijackThis v1.99.1
Scan saved at 13:49:18, on 27.07.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\run.exe
C:\windows\mspaint.exe
C:\winfw.exe
C:\reg.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\knlwrap.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe
C:\WINDOWS\system32\netke.exe
C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\cric.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\Rar$EX00.000\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {4A8FA403-6D03-3DF6-B04E-8F3E905BDA8C} - C:\WINDOWS\system32\apirr32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Windows] run.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\windows\mspaint.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [eTunnel] C:\winfw.exe
O4 - HKLM\..\Run: [REGRUN] C:\reg.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [netke.exe] C:\WINDOWS\system32\netke.exe
O4 - HKLM\..\RunServices: [Windows] run.exe
O4 - HKLM\..\RunServices: [Windows Update Manager] C:\WINDOWS\wupdate.exe
O4 - HKLM\..\RunOnce: [cric.exe] C:\WINDOWS\system32\cric.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SSS5] "C:\Program Files\Steganos Security Suite 5\steganos5.exe" /booting
O4 - HKCU\..\Run: [SSS5SAFE] "C:\Program Files\Steganos Security Suite 5\safe.exe" /booting
O4 - HKCU\..\Run: [SSS5SPM] "C:\Program Files\Steganos Security Suite 5\spm.exe" /booting
O4 - HKCU\..\Run: [T-Online_Software_5\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: T-Online 5.0.lnk = C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/Bridge-c139.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095686654648
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.communities.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B168ED3-8437-41E2-A4EB-115B14AD31DE}: NameServer = 217.237.150.33 217.237.151.161
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

jurgenv
28 July 2005, 16:57
* You have HijackThis in a temporary folder.
Before you continue, you must put it in a permanent folder,
e.g. in C:\Program Files\HijackThis\HijackThis.exe

* Download CWShredder (http://cwshredder.net/bin/CWShredder.exe).
Put it somewhere you can find it again quickly.
Don't run it yet!

* Download about:Buster:
http://www.malwarebytes.biz/AboutBuster5.zip
Unzip it to a folder of its own.
Start about:Buster and click "Update" to fetch any updates.
Don't scan with about:Buster yet, just update it.

* Download, install and update the free trial version of Ewido Security Suite (http://www.ewido.net/en/download/)


During the installation, under "Additional Options", uncheck "Install background guard" and "Install scan via context menu".
When you run Ewido for the first time, you will get the error message "Database could not be found!". Click OK. This is normal.
In Ewido's main window, click update in the left-hand menu, and then the Start update button.
When the updates are done, the status bar at the bottom will show "Update successful".
Close Ewido. Don't let it scan yet.


* Download and install CCleaner (http://www.ccleaner.com)
Don't use it yet!

* Make sure hidden folders and files are shown.
Go to Start and click My Computer.
In the menu bar, select Tools and then Folder Options.
Select the View tab.
Under Hidden files and folders, select Show hidden files and folders.
Under Files and Folders, uncheck: Hide protected operating system files (Recommended).
Click Yes to confirm.
Click OK.

* Start your PC in safe mode: How do I start my PC in safe mode? (http://users.pandora.be/marcvn/spyware/1378056.htm)

* Open HijackThis and check the following lines if present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {4A8FA403-6D03-3DF6-B04E-8F3E905BDA8C} - C:\WINDOWS\system32\apirr32.dll
O4 - HKLM\..\Run: [Windows] run.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\windows\mspaint.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [eTunnel] C:\winfw.exe
O4 - HKLM\..\Run: [REGRUN] C:\reg.exe
O4 - HKLM\..\RunServices: [Windows] run.exe
O4 - HKLM\..\RunServices: [Windows Update Manager] C:\WINDOWS\wupdate.exe
O4 - HKLM\..\RunOnce: [cric.exe] C:\WINDOWS\system32\cric.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6...Bridge-c139.cab

* Then close all windows except HijackThis and click 'Fix checked'

* Delete the following files if present:

C:\WINDOWS\system32\apirr32.dll <== this file
C:\WINDOWS\System32\run.exe <== this file
C:\windows\mspaint.exe <== this file
C:\winfw.exe <== this file
C:\reg.exe <== this file
C:\WINDOWS\wupdate.exe <== this file
C:\WINDOWS\system32\cric.exe <== this file

* Start CWShredder and click FIX

* Open Ewido Security Suite
Click Scanner
Click complete system scan
Let the program scan your PC
During the scan you will be asked whether you want to remove the files it found. Click OK
When the scan has finished, you will see a Save report button
Click Save report
Save the report to your desktop
Close Ewido


* Start about:Buster.
Click "Begin Removal".
When about:Buster is done, have it scan a second time.

* Start CCleaner and click Run Cleaner (bottom right)

* Reboot your PC back into normal mode.

* Post a new HijackThis log + the about:Buster log. You will find this log (AB logfile.txt) in the folder about:Buster runs from.

duifhuis
29 July 2005, 17:31
Hehe, it's done. This is the new log:
Logfile of HijackThis v1.99.0
Scan saved at 17:10:43, on 29.07.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\downloads\wimpi\EMERGENCY REPAIR\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\windows\mspaint.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [netke.exe] C:\WINDOWS\system32\netke.exe
O4 - HKLM\..\Run: [Windows] run.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SSS5] "C:\Program Files\Steganos Security Suite 5\steganos5.exe" /booting
O4 - HKCU\..\Run: [SSS5SAFE] "C:\Program Files\Steganos Security Suite 5\safe.exe" /booting
O4 - HKCU\..\Run: [SSS5SPM] "C:\Program Files\Steganos Security Suite 5\spm.exe" /booting
O4 - HKCU\..\Run: [T-Online_Software_5\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: T-Online 5.0.lnk = C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/Bridge-c139.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095686654648
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.communities.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B168ED3-8437-41E2-A4EB-115B14AD31DE}: NameServer = 217.237.150.33 217.237.151.161
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\cric.exe (file missing)
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
And from AboutBuster:

I hope it's OK now.
Shouldn't I set up a firewall on this PC?
Regards, Wim

jurgenv
29 July 2005, 18:09
* Please post your next log with version 1.99.1

* Go to Start ==> Run ==> type: services.msc
Find the service there: Remote Procedure Call (RPC) Helper <== careful!! "Helper" really must be part of the name!
Double-click Remote Procedure Call (RPC) Helper
Click 'Stop'
Choose the startup type: Disabled

* Open HijackThis and check the following lines if present:

O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\windows\mspaint.exe
O4 - HKLM\..\Run: [netke.exe] C:\WINDOWS\system32\netke.exe
O4 - HKLM\..\Run: [Windows] run.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6...Bridge-c139.cab
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\cric.exe (file missing)

* Then close all windows except HijackThis and click 'Fix checked'

* Start your PC in safe mode

* Delete the following files if present:

C:\WINDOWS\system32\netke.exe
C:\WINDOWS\system32\run.exe
C:\WINDOWS\system32\cric.exe
C:\windows\mspaint.exe

* Start your PC normally again and post a new log
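
The check behind this second round, as an added example that is not part of the original thread: compare the lines that were marked for fixing with the follow-up log to see which entries survived, and which follow-up entries still point at files that were listed for deletion. The sample lines are excerpts from the logs posted above; the function names are hypothetical. O2/O3/O16 entries are matched on their CLSID because the forum truncated the URL in the fix list.

```python
import re

# One HijackThis entry: section code ("R1", "O4", "O23", ...), " - ", body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
O4_RE = re.compile(r"^(.+?): \[(.+?)\]")  # "<autostart location>: [<value name>] ..."

def entry_key(line):
    """Return a stable identity for one entry, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header lines and the running-process list
    code, body = m.group(1), m.group(2)
    clsid = CLSID_RE.search(body)
    if code in ("O2", "O3", "O16") and clsid:
        return (code, clsid.group(0).upper())      # survives truncated URLs
    if code == "O4":
        o4 = O4_RE.match(body)
        if o4:
            return (code, o4.group(1).lower(), o4.group(2).lower())
    if code == "O23":
        return (code, body.split(" - ")[0].lower())  # "Service: <name>"
    if code in ("R0", "R1"):
        return (code, body.split(" = ")[0].lower())  # registry key,value
    return (code, body.lower())

def parse_log(text):
    """Map entry identity -> original line, in log order."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries[key] = line.strip()
    return entries

def check_fix(fix_list, followup_log):
    """Split the fix list into entries still present and entries now gone."""
    wanted = parse_log(fix_list)
    present = parse_log(followup_log)
    persisted = [present[k] for k in wanted if k in present]
    cleared = [wanted[k] for k in wanted if k not in present]
    return persisted, cleared

def references_deleted(deleted_files, followup_log):
    """Follow-up entries that still name a file that was listed for deletion."""
    paths = [p.lower() for p in deleted_files]
    return [line for line in parse_log(followup_log).values()
            if any(p in line.lower() for p in paths)]

# Excerpt of the lines marked for fixing in the first reply.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jahke.dll/sp.html#28129
O2 - BHO: Class - {4A8FA403-6D03-3DF6-B04E-8F3E905BDA8C} - C:\WINDOWS\system32\apirr32.dll
O4 - HKLM\..\Run: [Windows] run.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\windows\mspaint.exe
O4 - HKLM\..\Run: [eTunnel] C:\winfw.exe
O4 - HKLM\..\RunServices: [Windows] run.exe
O4 - HKLM\..\RunOnce: [cric.exe] C:\WINDOWS\system32\cric.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6...Bridge-c139.cab
"""

# Excerpt of the follow-up log saved at 17:10:43 on 29.07.2005.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\windows\mspaint.exe
O4 - HKLM\..\Run: [netke.exe] C:\WINDOWS\system32\netke.exe
O4 - HKLM\..\Run: [Windows] run.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/Bridge-c139.cab
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\cric.exe (file missing)
"""

# Excerpt of the files listed for deletion in the first reply.
DELETED_FILES = [r"C:\WINDOWS\system32\cric.exe", r"C:\windows\mspaint.exe",
                 r"C:\winfw.exe", r"C:\reg.exe"]

if __name__ == "__main__":
    persisted, cleared = check_fix(FIX_LIST, FOLLOWUP_LOG)
    print("Still present after the fix:")
    for line in persisted:
        print("  " + line)
    print("Cleared: %d entries" % len(cleared))
    print("Entries still naming a deleted file:")
    for line in references_deleted(DELETED_FILES, FOLLOWUP_LOG):
        print("  " + line)
```
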

duifhuis
29 July 2005, 22:23
This is a new log,
but O4 - HKLM\..\Run: [netke.exe] C:\WINDOWS\system32\netke.exe and O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\cric.exe (file missing)
I couldn't find among them; I looked a few times.

New log:
Logfile of HijackThis v1.99.1
Scan saved at 22:02:30, on 29.07.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\downloads\wimpi\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftr-proxy.t-online.de:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SSS5] "C:\Program Files\Steganos Security Suite 5\steganos5.exe" /booting
O4 - HKCU\..\Run: [SSS5SAFE] "C:\Program Files\Steganos Security Suite 5\safe.exe" /booting
O4 - HKCU\..\Run: [SSS5SPM] "C:\Program Files\Steganos Security Suite 5\spm.exe" /booting
O4 - HKCU\..\Run: [T-Online_Software_5\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: T-Online 5.0.lnk = C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095686654648
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.communities.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

thanks
regards

jurgenv
29 July 2005, 23:10
Looks good ;) Now be sure to do the following, because you haven't even installed SP1 yet!

A few more tips to prevent problems in the future:

Go ahead and install the following FREE programs:

Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html)
Adaware se (http://www.majorgeeks.com/download506.html)
Spybot s&d (http://www.safer-networking.org/en/index.html)


While surfing, don't blindly click yes everywhere when you're asked to... only do so when you trust it completely.

And consider choosing an alternative browser such as Opera (http://www.opera.com) or Firefox (http://www.mozilla.org/products/firefox/).

I also recommend running an online virus scan now and then: HouseCall (http://housecall.trendmicro.com/) and/or Bitdefender (http://www.bitdefender.com/scan/licence.php). Because what one scanner can't find, another one might.
Also make sure that the virus scanner installed on your system is always up to date!!

And... regularly pay a visit to: http://windowsupdate.microsoft.com/

Also take a look at these 2 videos.. Very interesting:
http://www2.trosradar.nl/mediaplayer/player.php?videoID=524&mode=dossier#
http://www.benedelman.org/spyware/security-111804.wmv


More prevention tips can also be found on the following sites:

http://www.bluemedicine.be
http://users.telenet.be/marcvn/spyware
How did I get infected in the first place (http://castlecops.com/postitle7736-0-0-.html) (article by TonyKlein)
Preventing spyware infections and browser hijacking (http://www.antispywareoffensief.nl/forum/showthread.php?t=55)

duifhuis
30 July 2005, 11:56
thanks for the help
I had my little brother read it
I hope they get it now lol

good luck with your site
it's the best!!!!!
regards

jurgenv
30 July 2005, 12:00
You're welcome