Question & Answer
spyware.exe
4 answers
- I have an annoying adware or spyware program on my system that keeps reporting "your computer is infected!". After cleaning with Ad-Aware/Spybot/McAfee/CCleaner it still reports…
I can't switch it off or remove it. Here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 22:16:40, on 27-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
E:\multimedia\Creative\Surround Mixer\CTSysVol.exe
E:\multimedia\Creative\DVDAudio\CTDVDDet.EXE
E:\multimedia\pinnacle\pctv pro\Remote\Remoterm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
E:\multimedia\Creative\mediasource\Detector\CTDetect.exe
E:\Util\FDF\FASTDE~1\FAST2.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
E:\multimedia\Creative\mediasource\Go\CTCMSGo.exe
E:\Antivirus Program\Spybot - Search & Destroy\TeaTimer.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Antivirus Program\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [CTSysVol] E:\multimedia\Creative\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] E:\multimedia\Creative\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCTVRemote] E:\multimedia\pinnacle\pctv pro\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [gcasServ] "E:\Antivirus Program\microsoft antispyware\gcasServ.exe"
O4 - HKLM\..\Run: [PCLEPCI] E:\MULTIM~1\pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Creative Detector] "E:\multimedia\Creative\mediasource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [FAST Defrag] E:\Util\FDF\FASTDE~1\FAST2.EXE -tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative MediaSource Go] "E:\multimedia\Creative\mediasource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Antivirus Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: HDDlife.lnk = E:\Util\hddlife\HDDlifePro.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Util\Logitech 518\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Internet\java\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Internet\java\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase2213.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4630/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: bw+0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
Who, oh who can help me? Thanks from over here.
- Print these instructions or save them in a Notepad file and put it on your desktop.
1. Download smitRem.exe.
Extract all files to your desktop.
2. Start your computer in safe mode.
3. Open the smitRem folder on your desktop and double-click RunThis.bat. Follow the on-screen instructions.
Your desktop and icons will disappear briefly and then reappear; this is normal.
Wait until the tool has done its work and Disk Cleanup has finished. This can take some time, so be patient.
4. Go to Start - Control Panel - Appearance and Themes (if that is not shown, click "Category View" first) - Desktop - Customize Desktop - Web.
Remove everything that may be listed there (except "My Current Home Page").
5. Restart your computer in normal mode.
6. Run an online scan with Panda's online virus scan.
If you get the option to save a log, do so.
7. Create a new HijackThis log and post it.
Also post the report (log) of the Panda online scan.
Look for c:\smitfiles.txt and post the contents of that file as well.
Let us know how things are now.
Regards, smeenk
- Thanks for the quick reply; here is my new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 8:56:40, on 29-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
E:\Antivirus Program\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
E:\multimedia\Creative\Surround Mixer\CTSysVol.exe
E:\multimedia\Creative\DVDAudio\CTDVDDet.EXE
E:\multimedia\pinnacle\pctv pro\Remote\Remoterm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
E:\Antivirus Program\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
E:\multimedia\Creative\mediasource\Detector\CTDetect.exe
E:\Util\FDF\FASTDE~1\FAST2.EXE
C:\Program Files\Messenger\msmsgs.exe
E:\multimedia\Creative\mediasource\Go\CTCMSGo.exe
E:\Util\Logitech 518\SetPoint\SetPoint.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\MULTIM~1\pinnacle\SHARED~1\Filter\server.exe
E:\multimedia\pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
E:\multimedia\pinnacle\pctv pro\Vision\Vision.exe
E:\MULTIM~1\pinnacle\SHARED~1\Filter\VBI_SE~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
E:\Antivirus Program\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [CTSysVol] E:\multimedia\Creative\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] E:\multimedia\Creative\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCTVRemote] E:\multimedia\pinnacle\pctv pro\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PCLEPCI] E:\MULTIM~1\pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SpySweeper] "E:\Antivirus Program\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Creative Detector] "E:\multimedia\Creative\mediasource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [FAST Defrag] E:\Util\FDF\FASTDE~1\FAST2.EXE -tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative MediaSource Go] "E:\multimedia\Creative\mediasource\Go\CTCMSGo.exe" /SCB
O4 - Startup: HDDlife.lnk = E:\Util\hddlife\HDDlifePro.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Util\Logitech 518\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Internet\java\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Internet\java\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase2213.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4630/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: bw+0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - E:\Antivirus Program\Spy Sweeper\WRSSSDK.exe
Here is a log from Panda:
Incident Status Location
Adware:adware/wupd Not desinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\activex.inf
Adware:adware/look2me Not desinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\activex.ocx
Adware:adware/dollarrevenue Not desinfected C:\WINDOWS\drsmartload.dat
Adware:adware/secure32 Not desinfected C:\WINDOWS\system32\drivers\etc\hosts
Here is the log from smitfiles:
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [versie 5.1.2600]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SpyAxeFix © by noahdfear
spyaxe directory present
spyaxe uninstaller present
Starting spyaxe uninstaller
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
"{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F}"="Security Update"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
Online Security Guide.url
Security Troubleshooting.url
~~~ Favorites ~~~
~~~ system32 folder ~~~
wbeconm.dll
1024 dir
msvol.tlb
ncompat.tlb
nvctrl.exe
mscornet.exe
hp***.tmp
~~~ Icons in System32 ~~~
ot.ico
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 824 'explorer.exe'
Killing PID 824 'explorer.exe'
Starting registry repairs
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
Online Security Guide.url
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
For the rest it has already been resolved; only, of course, in the coming period I will still do a big reinstall and cleanup of Windows and my hard drives… format the drives and repartition them.
Thanks, and wishing you a happy new year; keep going with this digital volunteer help forum.
PS, I will keep an eye on whether there are still possible remnants of spy-, ad-, phish- and other dangers…
Greetings, wingman….
- You're welcome
You can still fix these lines using HijackThis:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKCU\..\Run: [LDM] \Program\
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase2213.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
This shortcut is still present on your system; find it and delete it: Online Security Guide.url
Download Killbox.
Click killbox.exe.
Choose the option: "Delete on reboot".
Copy the following bold part:
C:\WINDOWS\DOWNLOADED PROGRAM FILES\activex.inf
C:\WINDOWS\DOWNLOADED PROGRAM FILES\activex.ocx
C:\WINDOWS\drsmartload.dat
Open 'File' in the Killbox menu at the top and choose: Paste from clipboard
You will see that the bold text above appears in the "Full Path of File to Delete" field.
There is a small arrow next to that field. If you click it, you will see all the lines above that you copied (if the files are present); that is the intention.
Click the button: All files (!Important!)
Then click the red circle with the white cross in it.
Killbox will say that this file will be deleted on reboot and asks whether to reboot now. Click YES.
Your PC must now reboot.
After that, those 3 files will be gone ;)
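Added example, not part of the original thread: a small Python parser for the O18 section of the HijackThis log above. It collapses the long run of protocol lines into one row per CLSID and DLL, and separates out the two filter entries that have neither a CLSID nor a file, which are the O18 lines the answer lists for fixing. The line layout in the regular expression is an assumption inferred from this log, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log on this page (a subset, for offline use).
SAMPLE_LOG = r"""
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: bw+0 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {02A5B628-C308-4F7E-B695-CA563D3C7F9F} - E:\Util\Logitech 518\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# Assumed layout, inferred from the log above:
#   O18 - <Protocol|Filter>: <name> - <{CLSID} or (no CLSID)> - <file or (no file)>
O18_RE = re.compile(
    r"^O18 - (?P<kind>Protocol|Filter): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}|\(no CLSID\)) - (?P<target>.+)$"
)

def parse_o18(log_text):
    """Return one dict per O18 line; every other section is skipped."""
    entries = []
    for line in log_text.splitlines():
        match = O18_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries

def group_by_handler(entries):
    """Collapse entries that share a CLSID and file into one reviewable row."""
    groups = defaultdict(list)
    for entry in entries:
        groups[(entry["clsid"], entry["target"])].append(entry["name"])
    return dict(groups)

def orphaned(entries):
    """Entries registered with neither a CLSID nor a backing file."""
    return [e for e in entries
            if e["clsid"] == "(no CLSID)" and e["target"] == "(no file)"]

if __name__ == "__main__":
    parsed = parse_o18(SAMPLE_LOG)
    for (clsid, target), names in group_by_handler(parsed).items():
        print(f"{len(names):3d} name(s)  {clsid}  {target}")
    for entry in orphaned(parsed):
        print("orphaned:", entry["kind"], entry["name"])
```

Run against the full log, the grouped output makes it easier to review each handler DLL once instead of reading every protocol line.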