Can this be trusted?

smeenk
20 replies
  • Is this trustworthy and is it good stuff?


    http://search4help.net/search_own.php?pin=17702


    http:/
    azespyware.net/?t=2&affid=1892
  • Why would you want to try this when something like Hitman Pro is available? I at least have a better feeling about that than about this; I have never heard of it either, by the way.
  • I don't know them, but of course that says nothing.
    I'll stick with ad aware, spybot, spywareblaster, cwshredder and a-squared.
  • Hitman Pro is for the simple/beginning user; I prefer to check/manage/configure my anti-spyware programs myself.
  • [quote="diquydiq"]Is this trustworthy and is it good stuff?[/quote] First have a quick read of Gerben's Spyware FAQ.
    http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=115358
  • [quote="kompod"]Hitman Pro is for the simple/beginning user; I prefer to check/manage/configure my anti-spyware programs myself.[/quote]

    Actually I didn't mean Hitman Pro itself but the programs it uses. I also prefer to manage those myself on my own systems, but sometimes it is handy when everything happens automatically in one go. I often use it when I have to come and clean things up (yet again) at people's places; I'd rather not spend too long on it then.
  • Understood :wink: ; for example, I put it on my mother's PC because she doesn't understand any of it anyway, and if she then also has to keep track of, update, etc. 4/5 different applications, it goes completely wrong.

    It is perfectly suited for such cases.
  • I have had my IE browser 'taken over' by 'quick web search'.

    It's not fun; how can I get rid of it again?


    http://forums.spywareinfo.com/lofiversion/index.php/t50678.html


    by the looks of it, removing it will be a very extensive job:

    http://forums.spywareinfo.com/lofiversion/index.php/t44559.html
  • The best thing is to explain your problems in the "Beveiliging en Privacy" subforum.
    They will probably also ask you there to post a HijackThis log ( http://users.pandora.be/marcvn/spyware/1758530.htm ); do this together with your problem description.
  • [quote="kompod"]The best thing is to explain your problems in the "Beveiliging en Privacy" subforum.[/quote]
    >> B&P
  • http://forum.iamnotageek.com/archive/index.php/t-1819048794.html

    Nothing seems to work to get rid of this.

    Is there anyone who can help me further?
  • Erm, a HijackThis log perhaps? Without info it's hard to help.
  • Logfile of HijackThis v1.99.1
    Scan saved at 9:38:20 PM, on 8/28/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Autodesk\Acade 2005\lic\lmgrd.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Autodesk\Acade 2005\lic\adskflex.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\WINDOWS\appun.exe
    C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
    K:\Shareaza\Shareaza.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\PROGRA~1\NORTON~1\navw32.exe
    C:\Program Files\eMule\eMule.exe
    C:\Program Files\NASA\World Wind 1.3\WorldWind.exe
    E:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cyutg.dll/sp.html#17702
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cyutg.dll/sp.html#17702
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cyutg.dll/sp.html#17702
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cyutg.dll/sp.html#17702
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cyutg.dll/sp.html#17702
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cyutg.dll/sp.html#17702
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Class - {744A69F1-3231-8237-5712-680C19DA650A} - C:\WINDOWS\system32\ieuh.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
    O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [msgm.exe] C:\WINDOWS\msgm.exe
    O4 - HKLM\..\Run: [appun.exe] C:\WINDOWS\appun.exe
    O4 - HKLM\..\Run: [winsl32.exe] C:\WINDOWS\system32\winsl32.exe
    O4 - HKLM\..\Run: [apppe.exe] C:\WINDOWS\apppe.exe
    O4 - HKLM\..\RunOnce: [ieqw.exe] C:\WINDOWS\system32\ieqw.exe
    O4 - HKLM\..\RunOnce: [javazd.exe] C:\WINDOWS\system32\javazd.exe
    O4 - HKLM\..\RunOnce: [syscx.exe] C:\WINDOWS\system32\syscx.exe
    O4 - HKLM\..\RunOnce: [javazi.exe] C:\WINDOWS\javazi.exe
    O4 - HKLM\..\RunOnce: [addes32.exe] C:\WINDOWS\system32\addes32.exe
    O4 - HKLM\..\RunOnce: [ierz32.exe] C:\WINDOWS\system32\ierz32.exe
    O4 - HKLM\..\RunOnce: [crzo32.exe] C:\WINDOWS\crzo32.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [Shareaza] "K:\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124349630390
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4050A9EC-E950-43DC-8012-3E38AF5E6ECB}: NameServer = 192.168.1.254,0.0.0.0
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4050A9EC-E950-43DC-8012-3E38AF5E6ECB}: NameServer = 192.168.1.254,0.0.0.0
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4050A9EC-E950-43DC-8012-3E38AF5E6ECB}: NameServer = 192.168.1.254,0.0.0.0
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: My Server - Macrovision Corporation - C:\Program Files\Autodesk\Acade 2005\lic\lmgrd.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • Carry out all the instructions one after another.
    From step 5 (safe mode) onwards, there must be no internet connection any more.

    1. Download CWShredder.
    Put the file somewhere you can easily find it again, but don't use it yet.

    2. Download the trial version of Ewido Security Suite.
    Install it.
    After installation, check whether updates are available. Download the latest updates.
    Don't let the program scan yet.

    3. Make sure all hidden files are shown.

    4. Open a Notepad file.
    Copy the code below into this Notepad file.
    Go to File - Save As.
    Under "Save in" choose: Desktop
    Under "File name" enter: fix.reg
    Under "Save as type" select: All Files (*.*).
    Click the Save button.
    [code]REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce][/code]
    5. Start the computer in safe mode.

    6. Close all windows, run HijackThis once more and have the following items fixed:
    [b]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cyutg.dll/sp.html#17702
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cyutg.dll/sp.html#17702
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cyutg.dll/sp.html#17702
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cyutg.dll/sp.html#17702
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cyutg.dll/sp.html#17702
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cyutg.dll/sp.html#17702
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {744A69F1-3231-8237-5712-680C19DA650A} - C:\WINDOWS\system32\ieuh.dll
    O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
    O4 - HKLM\..\Run: [msgm.exe] C:\WINDOWS\msgm.exe
    O4 - HKLM\..\Run: [appun.exe] C:\WINDOWS\appun.exe
    O4 - HKLM\..\Run: [winsl32.exe] C:\WINDOWS\system32\winsl32.exe
    O4 - HKLM\..\Run: [apppe.exe] C:\WINDOWS\apppe.exe
    O4 - HKLM\..\RunOnce: [ieqw.exe] C:\WINDOWS\system32\ieqw.exe
    O4 - HKLM\..\RunOnce: [javazd.exe] C:\WINDOWS\system32\javazd.exe
    O4 - HKLM\..\RunOnce: [syscx.exe] C:\WINDOWS\system32\syscx.exe
    O4 - HKLM\..\RunOnce: [javazi.exe] C:\WINDOWS\javazi.exe
    O4 - HKLM\..\RunOnce: [addes32.exe] C:\WINDOWS\system32\addes32.exe
    O4 - HKLM\..\RunOnce: [ierz32.exe] C:\WINDOWS\system32\ierz32.exe
    O4 - HKLM\..\RunOnce: [crzo32.exe] C:\WINDOWS\crzo32.exe[/b]

    Then click "Fix checked" and close HijackThis.

    7. Delete the following files:
    C:\WINDOWS\cyutg.dll
    C:\WINDOWS\system32\ieuh.dll
    C:\WINDOWS\msgm.exe
    C:\WINDOWS\appun.exe
    C:\WINDOWS\system32\winsl32.exe
    C:\WINDOWS\apppe.exe
    C:\WINDOWS\system32\ieqw.exe
    C:\WINDOWS\system32\javazd.exe
    C:\WINDOWS\system32\syscx.exe
    C:\WINDOWS\javazi.exe
    C:\WINDOWS\system32\addes32.exe
    C:\WINDOWS\system32\ierz32.exe
    C:\WINDOWS\crzo32.exe

    8. Empty your Temp folder: Start – Run, type: %TEMP%. Select all files and delete them.

    9. Empty the Temporary Internet Files folder: go to Control Panel – Internet Options – General tab – under Temporary Internet Files click Delete Files.

    10. Restore your web settings: go to Control Panel – Internet Options – Programs tab. Click the Reset Web Settings button.

    11. Start CWShredder and click the Fix button.

    12. Run a full system scan with Ewido, and remove everything that is found.
    After scanning you get the option to save the log. Do so.

    13. Open HijackThis. Click the "Open the Misc Tools section" button and then click the "Open ADS Spy…" button. Click Scan and when it is finished save the log (Save log button). Select all keys found by ADS Spy for removal, click the "remove selected" button and have them removed. Scan a second time with ADS Spy. If anything is still found, have everything removed again.

    14. Now reboot the computer in normal mode. Run HijackThis again and post a new log.
    Also post the log that Ewido made and the ADS Spy log.

    Regards, smeenk :wink:
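
Added example (not part of the thread and not the helper's own method): a small Python triage of HijackThis lines using two heuristics that match entries selected in step 6, namely a `res://` search-page value and an autorun value named after a file sitting directly in `C:\WINDOWS` or `system32`. The rule names, the `ctfmon.exe` allowlist and the `C:` system drive are assumptions of this example; the sample lines are copied from the first log above.

```python
import ntpath
import re
from typing import NamedTuple


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "R1" or "O4"
    rule: str    # name of the heuristic that fired (names invented here)
    target: str  # file the entry points at


# A subset of lines copied from the first log in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cyutg.dll/sp.html#17702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [appun.exe] C:\WINDOWS\appun.exe
O4 - HKLM\..\RunOnce: [ieqw.exe] C:\WINDOWS\system32\ieqw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
"""

# Assumptions: Windows is installed in C:\WINDOWS (as in the log) and
# ctfmon.exe is the genuine Windows component, which step 6 leaves alone.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
ALLOWLIST = frozenset({"ctfmon.exe"})

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")              # "O4 - ..."
REG_VALUE_RE = re.compile(r"^[^,]+,[^=]+? = (.*)$")            # key,value = data
RES_URL_RE = re.compile(r"^res://(.+?\.dll)/", re.IGNORECASE)  # res://<dll>/page
AUTORUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[([^\]]+)\] (.+)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def exe_of(command: str) -> str:
    """Return the executable part of an autorun command line."""
    m = EXE_RE.match(command)
    return (m.group(1) or m.group(2)) if m else ""


def triage(log_text: str, allowlist=ALLOWLIST) -> list:
    """Flag entries worth a closer look; this is triage, not a verdict."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue
        code, body = entry.groups()
        if code in ("R0", "R1"):
            # IE start/search pages normally hold http URLs; a res:// value
            # loads the page out of a local DLL instead.
            value = REG_VALUE_RE.match(body)
            res = RES_URL_RE.match(value.group(1)) if value else None
            if res:
                findings.append(Finding(code, "res-url-search-page", res.group(1)))
        elif code == "O4":
            run = AUTORUN_RE.match(body)
            if not run:
                continue  # Startup-folder shortcuts are not handled here
            name, command = run.groups()
            exe = exe_of(command)
            base = ntpath.basename(exe).lower()
            in_system_dir = ntpath.dirname(exe).lower() in SYSTEM_DIRS
            if in_system_dir and name.lower() == base and base not in allowlist:
                findings.append(Finding(code, "autorun-named-after-file", exe))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.code:3} {finding.rule:26} {finding.target}")
```

The heuristics miss the `PtiuPbmd` Rundll32 entry that step 6 also fixes, and without the allowlist they flag `ctfmon.exe`, which step 6 does not list, so the output still needs manual review.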
  • My heartfelt thanks, I will carry it out tomorrow.
  • hijackthis.log:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:28:50 PM, on 8/29/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Autodesk\Acade 2005\lic\lmgrd.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Autodesk\Acade 2005\lic\adskflex.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
    K:\Shareaza\Shareaza.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    E:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cyutg.dll/sp.html#17702
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cyutg.dll/sp.html#17702
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
    O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [Shareaza] "K:\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124349630390
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4050A9EC-E950-43DC-8012-3E38AF5E6ECB}: NameServer = 192.168.1.254,0.0.0.0
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4050A9EC-E950-43DC-8012-3E38AF5E6ECB}: NameServer = 192.168.1.254,0.0.0.0
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4050A9EC-E950-43DC-8012-3E38AF5E6ECB}: NameServer = 192.168.1.254,0.0.0.0
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: My Server - Macrovision Corporation - C:\Program Files\Autodesk\Acade 2005\lic\lmgrd.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



    ———————————————————
    ewido security suite - Scan report
    ———————————————————

    + Created on: 4:18:36 PM, 8/29/2005
    + Report-Checksum: 34F2EA61

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{D605EAFF-2C3A-4619-43C1-4FFB062F68DE} -> Spyware.CoolWebSearch : Cleaned with backup
    C:\Documents and Settings\tosh\Local Settings\Temporary Internet Files\Content.IE5\0Z5R6M7L\outxxx[1].jpg -> TrojanDownloader.Small.azk : Cleaned with backup
    C:\ms32.tmp -> TrojanDownloader.Small.azk : Cleaned with backup
    C:\Program Files\Microsoft AntiSpyware\Quarantine\9B859D08-6886-4013-A9D0-528725\40AC061F-E35A-430D-B46C-66B33B -> Trojan.Small.ev : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1060284298-602609370-839522115-500\Dc10.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1060284298-602609370-839522115-500\Dc11.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1060284298-602609370-839522115-500\Dc12.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1060284298-602609370-839522115-500\Dc2.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1060284298-602609370-839522115-500\Dc3.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1060284298-602609370-839522115-500\Dc4.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1060284298-602609370-839522115-500\Dc7.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1060284298-602609370-839522115-500\Dc8.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1060284298-602609370-839522115-500\Dc9.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\003722_.tmp:htfts -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\003722_.tmp:xqqaw -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\addup32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\addvs.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\addzr.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\apimd32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\apipt32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\apphz32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\appss32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\atlvj.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\atlvl32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\atlyd.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\atlyw32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\Blue Lace 16.bmp:myojn -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\Blue Lace 16.bmp:tnzqv -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\bootstat.dat:mwkry -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\Coffee Bean.bmp:mdqzo -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\control.ini:tnlws -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\crmp32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\crpu.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\crwd.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\d3eb.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\d3je.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\d3lf.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\eapqw.txt:kdctl -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\Greenstone.bmp:czprk -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\Greenstone.bmp:petsk -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\Greenstone.bmp:uinfa -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\Greenstone.bmp:xvfrt -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\iedq32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ieej.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ieum32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ipgs32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ipkd32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\iptm32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\iput.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\javahj32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\javapu.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\KB891781.log:wbhwq -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\KB893066.log:mmxtsm -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\KB896423.log:rvdtp -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\KB896727-IE6SP1-20050719.165959.log:kwnzj -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\KB899587.log:cwgel -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\KB900930.log:aqwcnw -> Spyware.SearchPage : Cleaned with backup
    C:\WINDOWS\mfcwi32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\msaq32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\msdfmap.ini:gwdyd -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\msdfmap.ini:pmdsa -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\Msiosd.ini:giliz -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\netpy32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ntba32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\nthy32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ntoy.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ntwe.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ODBCINST.INI:eigbv -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\Prairie Wind.bmp:jtqes -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\QTFont.for:nxmrk -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\QTFont.qfn:vrjej -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\QTFont.qfn:wrekd -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\REGLOCS.OLD:stvpm -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\SchedLgU.Txt:uvbop -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\sysav.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\sysel32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\syseo.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32:rraa.dll -> TrojanDownloader.Small.azk : Cleaned with backup
    C:\WINDOWS\system32\addfc.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\apijy32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\system32\apikm32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\apils.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\appkg.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\atlfy32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\atlms32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\atlnh32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\atlpk.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\atlsk32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\crdy32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\crro.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\d3jy.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\d3rt32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\ieed32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\iegu32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\ieos32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\iesb.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\ipfy32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\ipmk32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\javakb.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\javarw.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\javawe.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\mfcbq.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\mfcnl.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\netfp.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\netfw32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\netlh32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\netrw.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\netsa32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\ntlj32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\ntmo.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\ntqf.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\ntuz.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\oleext.dll -> Trojan.Small.ev : Cleaned with backup
    C:\WINDOWS\system32\sdkee.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\sdkoi32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\sysnp32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\syssf32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\sysvp.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\winav.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\winoa.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\system32\wintn.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\winws.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\wppp.html -> Spyware.PSGuard : Cleaned with backup
    C:\WINDOWS\vb.ini:pygpa -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\vb.ini:uazslz -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\vb.ini:xivgi -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\winay.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\wingo.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\winiw.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\winnt.bmp:egwow -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\winnt256.bmp:aznfp -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\winnt256.bmp:legvs -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\WMSysPr9.prx:dfyau -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\Zapotec.bmp:trqibl -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\_default.pif:atgmk -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:bhovp -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:cbocs -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\_default.pif:dfkrq -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\_default.pif:dtfbz -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\_default.pif:eutpu -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:fckwu -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\_default.pif:fqpaa -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\_default.pif:ikvoy -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:itofy -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:kioyd -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:ksbej -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\_default.pif:lmrmo -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:mbzgm -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\_default.pif:mxnhz -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:ocprz -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:pveiq -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\_default.pif:qadunq -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:salrw -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:slhgu -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:soxum -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:szuqd -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:uhbrc -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\_default.pif:viieb -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\_default.pif:vplie -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:weffp -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:wqkxp -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:wzcav -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:yenok -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:zrymm -> TrojanDownloader.Agent.bc : Cleaned with backup
    C:\WINDOWS\_default.pif:zsnqm -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\_default.pif:zvskn -> TrojanDownloader.Agent.bq : Cleaned with backup

    ::Report End


    adsspy.txt:


    C:\WINDOWS\KB890859.log : tmfoyb (0 bytes)
    C:\WINDOWS\KB896422.log : xoamoz (13581 bytes)
    C:\WINDOWS\KB896428.log : pptrrj (197755 bytes)
    C:\WINDOWS\KB898461.log : ipexlu (3567 bytes)
  • This already looks a lot better ;)

    Start HijackThis, choose "Do a system scan only" and tick the following items:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cyutg.dll/sp.html#17702
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cyutg.dll/sp.html#17702
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
    Close all open windows (except HijackThis) and click "Fix checked" to remove the selected items.

    Restart the PC and create a new log with HijackThis. Post that log here so it can be checked.

    Regards, Smeenk
  • Logfile of HijackThis v1.99.1
    Scan saved at 5:16:38 PM, on 8/29/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
    K:\Shareaza\Shareaza.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Autodesk\Acade 2005\lic\lmgrd.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Autodesk\Acade 2005\lic\adskflex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    E:\hijackthis\HijackThis.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [Shareaza] "K:\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124349630390
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4050A9EC-E950-43DC-8012-3E38AF5E6ECB}: NameServer = 192.168.1.254,0.0.0.0
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4050A9EC-E950-43DC-8012-3E38AF5E6ECB}: NameServer = 192.168.1.254,0.0.0.0
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4050A9EC-E950-43DC-8012-3E38AF5E6ECB}: NameServer = 192.168.1.254,0.0.0.0
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: My Server - Macrovision Corporation - C:\Program Files\Autodesk\Acade 2005\lic\lmgrd.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • Smeenk, this really is a nasty bug.

    It also came with the following warning: "Windows Security Center

    Warning:Windows Firewall detected suspicious network activity on your computer. Malicious software codes try to steal your privacy information, such as credit card numbers, electronic mail accounts, financial data or passwords.

    Do you want to learn how to protect your computer?

    Yes/No "

    If you answered yes, you were simply delivered straight to them!
  • You are rid of this annoying About blank infection :)

    And indeed these are treacherous things: you get a message that your PC is infected and are invited to go and read how to remove the infection.
    The only result of clicking "Yes" is that even more junk gets installed on your PC. So my advice is never to respond to such things, unless the messages come from your own antivirus or antispyware programs. ;)

    Regards, smeenk

This is an archived page. Replying is no longer possible.