Question & Answer
Another Hijack file
23 replies
- ISTsvc
ISTbar are not in the list.
Logfile of HijackThis v1.99.1
Scan saved at 20:27:25, on 22-2-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
F:\Program Files\Logitech\Video\LogiTray.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Cees Gijsbers\Bureaublad\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\program files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5E2B3C89-9B16-4105-9580-A4470D42FBDF} - C:\Documents and Settings\Frida Gijsbers\Local Settings\Application Data\microsoft\internet explorer\5inav.dat
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] F:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] F:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] F:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "F:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: CleanTemp.lnk = F:\program files\CleanTemp.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135681009578
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: bw+0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
- My teenage daughters' PC (with Kazaa) …….
Who can help?
Logfile of HijackThis v1.99.1
Scan saved at 21:04:25, on 21-2-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
F:\Program Files\Logitech\Video\LogiTray.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Cees Gijsbers\Bureaublad\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\program files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5E2B3C89-9B16-4105-9580-A4470D42FBDF} - C:\Documents and Settings\Frida Gijsbers\Local Settings\Application Data\microsoft\internet explorer\5inav.dat
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] F:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] F:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [lYUQE1WaîžaaîžaaøY§C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\qtfkpsr.exe
O4 - HKLM\..\Run: [lYUQE1WaîžaaîžaîžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\qtfkpsr.exe
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\qtfkpsr.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] F:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "F:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: CleanTemp.lnk = F:\program files\CleanTemp.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135681009578
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: bw+0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
- Go to Control Panel – Add or Remove Programs and try to uninstall the following programs:
[b]SurfAccuracy
ISTsvc
ISTbar
P2P Networking[/b]
Restart your computer and post a new HijackThis log :wink:
- [quote="charrie"]ISTsvc
ISTbar are not in the list.
Logfile of HijackThis v1.99.1
Scan saved at 20:27:25, on 22-2-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
[/quote]
This is very dangerous
- 1. Download ATF cleaner (made by Atribune)
2. Start HijackThis once more, choose "Do a system scan only" and tick only the following lines:
[b]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {5E2B3C89-9B16-4105-9580-A4470D42FBDF} - C:\Documents and Settings\Frida Gijsbers\Local Settings\Application Data\microsoft\internet explorer\5inav.dat
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
[/b]
Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.
3. Double-click ATF cleaner to start the program.
On the "Main" tab, tick [b]Select All[/b].
Click the [b]Empty Selected[/b] button.
If you also use Firefox as a browser:
Click the "Firefox" tab and tick [b]Select All[/b].
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the tick from "Firefox saved passwords" again)
Click the [b]Empty Selected[/b] button.
If you also use Opera as a browser:
Click the "Opera" tab and tick [b]Select All[/b].
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the [b]Empty Selected[/b] button.
Go to the "Main" tab and click the [b]Exit[/b] button to close the program.
4. Restart the computer.
5. Start HijackThis again, create a new log and post it for review.
Regards, smeenk
- I did not remove all cookies with ATF cleaner, because then all the passwords would have to be entered again, wouldn't they?
Or do I have to anyway?
Logfile of HijackThis v1.99.1
Scan saved at 17:22:08, on 23-2-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
F:\Program Files\Logitech\Video\LogiTray.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Cees Gijsbers\Bureaublad\Nieuwe map\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\program files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] F:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] F:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] F:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "F:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: CleanTemp.lnk = F:\program files\CleanTemp.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135681009578
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: bw+0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {71B71682-0CC9-498E-9BCC-49585934F50F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
- Your HijackThis log looks good again
[quote="charrie"]ISTsvc
ISTbar are not in the list.[/quote]Still, I no longer saw these in your log.
Apparently you did uninstall them after all?
Make sure that all hidden files and folders are shown. How to show hidden files and folders.
Also untick: "Hide extensions for known file types". Confirm this with "OK".
Use Explorer to look for the following folders and/or files (in bold) and delete them if they are present:
C:\WINDOWS\System32\[b]P2P Networking[/b]\ <= this folder
C:\WINDOWS\[b]qtfkpsr.exe[/b]
C:\Program Files\[b]SurfAccuracy[/b]\ <= this folder
Then empty your Recycle Bin.
As for those cookies: if there are many websites where you regularly have to log in, it is better not to delete them with ATF Cleaner, because you would indeed have to enter all the passwords again.
You could also use Ccleaner; under "Advanced" it has an option to set which websites' cookies should be kept.
Many cookies are quite useless, so cleaning up now and then is no bad thing :wink:
Run an online scan via Panda's online virus scan.
If you get the option to save a log, do so.
Post the Panda log as well.
Regards, smeenk
- After the active scan I also deleted a few p2p files using Search.
Incident Status Location
Adware:adware/p2pnetworking Not disinfected C:\WINDOWS\SYSTEM32\P2P Networking v126.cpl
Dialer:dialer.b Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\EGAUTH.inf
Adware:adware/savenow Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\WUInst.inf
Adware:adware/keenvalue Not disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho
Adware:adware/downloadware Not disinfected C:\WINDOWS\Digital Signature 20031001.htm
Dialer:dialer.su Not disinfected C:\WINDOWS\run.cxq
Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32a.sys
Adware:adware/delfinmedia Not disinfected C:\PROGRAM FILES\DelFin
Adware:adware/ist.istbar Not disinfected C:\PROGRAM FILES\gmsoft
Potentially unwanted tool:application/myway Not disinfected C:\PROGRAM FILES\MyWay
Adware:adware/cydoor Not disinfected C:\WINDOWS\cdmxtras
Adware:adware/searchexe Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/brilliantdigital Not disinfected Windows Registry
Adware:Adware/P2PNetworking Not disinfected C:\Documents and Settings\Cees Gijsbers\Bureaublad\Nieuwe map\backups\backup-20060223-171136-706.dll
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@ath.belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@belnk[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@desktop.kazaa[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@dist.belnk[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@winfixer[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@www.advnt01[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@adopt.hbmediapro[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@belnk[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@c2.gostats[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@desktop.kazaa[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@dist.belnk[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@offeroptimizer[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@searchportal.information[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@winfixer[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@www.advnt01[1].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Gast\Cookies\gast@desktop.kazaa[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Gast\Cookies\gast@kinghost[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Gast\Cookies\gast@rn11[1].txt
Dialer:Dialer.ENO Not disinfected C:\Documents and Settings\Julie Gijsbers\Bureaublad\onzin bestanden\Mijn Playarkanoid.exe
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@adopt.hbmediapro[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@belnk[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@c2.gostats[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@desktop.kazaa[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@dist.belnk[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@offeroptimizer[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@winfixer[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@xiti[1].txt
Adware:Adware/P2PNetworking Not disinfected C:\Documents and Settings\Julie Gijsbers\Local Settings\Temp\p2psetup.exe
Spyware:Cookie/3 Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@3[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@apmebf[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@belnk[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@c2.gostats[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@desktop.kazaa[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@dist.belnk[2].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@pop.mircx[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@rightmedia[2].txt
Spyware:Cookie/MyWay Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@www.xzoomy[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@xiti[1].txt
Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\MyWay\myBar\2.bin\MY2NS.EXE
Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
Spyware:Cookie/Kazaa Networks Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@desktop.kazaa[2].txt
Spyware:Cookie/go Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@go[1].txt
Spyware:Cookie/Mircx Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@pop.mircx[2].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@smni[1].txt
Spyware:Cookie/Advnt Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@www.advnt01[1].txt
Dialer:Dialer.AWI Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Local Settings\Temp\$QuickPage\sed.exe
Dialer:Dialer.SU Not disinfected C:\WINDOWS\run.cxq
Dialer:Dialer.AWI Not disinfected C:\WINDOWS\SYSTEM32\cp.exe
Adware:Adware/P2PNetworking Not disinfected C:\WINDOWS\SYSTEM32\P2P Networking v126.cpl
Dialer:Dialer.AWI Not disinfected C:\WINDOWS\SYSTEM32\sed.exe
Potentially unwanted tool:Application/MyWay Not disinfected K:\Hijack\backup-20040626-161141-157.dll
Potentially unwanted tool:Application/FunWeb Not disinfected K:\Hijack\backup-20040626-161141-169.inf
Adware:Adware/P2PNetworking Not disinfected K:\Hijack\backup-20040626-161141-659.dll
- Hi smeenk..
It is also handy to do this :wink:
Go to Start->Settings->Control Panel->Add or Remove Programs-> and uninstall [b:d5191ffa57]LogiTech Desktop manager[/b:d5191ffa57]
Then post a new HijackThis log.
Greetz ChRizz..
- @ChRizz: You mean well, but with advice like this you need to explain why that Logitech Desktop Messenger may be uninstalled.
Someone who uses Logitech hardware will not be keen to remove it, because they fear that, for example, their mouse will stop working afterwards.
The Logitech Desktop Messenger only serves to check whether there are updates for Logitech products and then shows notifications about them.
Since you can of course also check for yourself whether updates are available, this is an unnecessary program that drags down your PC's performance and can therefore safely be uninstalled :wink:
@charrie: please indicate which files from the Panda log you have already found and deleted :wink:
- I no longer know exactly which p2p files I deleted; I believe it was a folder in My Documents and a number of dll files.
Logitech desktop manager removed.
I am making a new Panda log, but that takes a few hours.
- Then hold off on deleting certain things that are found; I always base my advice on the logs that are posted, and if things have already been changed there, my tips are actually no longer correct :wink:
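Comparing two successive scan logs shows which detections were actually removed, which remain and which are new, so that cleanup advice matches the current state of the machine. This is an added example, not part of the thread: it assumes the line shape `<type>:<name> Not disinfected <location>` seen in the logs posted here, and the function names and the abridged sample logs are constructed for illustration.

```python
import re

# Line shape as it appears in the scan logs posted in this thread:
#   <type>:<name> Not disinfected <location>
# Only the "Not disinfected" status occurs on the page, so only that is parsed.
LINE_RE = re.compile(
    r"^(?P<type>[^:]+):(?P<name>.+?) Not disinfected (?P<location>.+)$"
)

# Constructed sample input: a few lines abridged from two of the posted logs.
BEFORE = r"""Incident Status Location
Dialer:dialer.b Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\EGAUTH.inf
Dialer:dialer.su Not disinfected C:\WINDOWS\run.cxq
Adware:adware/searchexe Not disinfected Windows Registry
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Gast\Cookies\gast@rn11[1].txt
Dialer:Dialer.SU Not disinfected C:\WINDOWS\run.cxq
"""

AFTER = r"""Incident Status Location
Dialer:dialer.su Not disinfected C:\WINDOWS\run.cxq
Adware:adware/searchexe Not disinfected Windows Registry
Dialer:dialer.b Not disinfected HKEY_CLASSES_ROOT\Interface\{8F0A06F6-DF4D-4D54-B8CA-E8EEDBAE6DDB}
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Gast\Cookies\gast@rn11[1].txt
"""


def parse_scan(text):
    """Return a set of (type, name, location) tuples.

    Everything is lower-cased: Windows paths are case-insensitive, and the
    logs list the same finding once in the summary ("dialer.su") and once
    in the detail section ("Dialer.SU"). The set removes that duplicate.
    """
    found = set()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header line ("Incident Status Location") or blank line
        found.add((m["type"].lower(), m["name"].lower(), m["location"].lower()))
    return found


def kind(location):
    """Classify a lower-cased location as 'registry', 'cookie' or 'file'."""
    if location.startswith("hkey_") or location == "windows registry":
        return "registry"
    if "\\cookies\\" in location:
        return "cookie"
    return "file"


def triage(detections):
    """Group detections by kind so files, registry entries and cookies
    can each be handled with the appropriate cleanup step."""
    groups = {"file": [], "registry": [], "cookie": []}
    for det in sorted(detections):
        groups[kind(det[2])].append(det)
    return groups


def compare(before, after):
    """Diff two parsed scans."""
    return {
        "removed": sorted(before - after),
        "remaining": sorted(before & after),
        "new": sorted(after - before),
    }


if __name__ == "__main__":
    diff = compare(parse_scan(BEFORE), parse_scan(AFTER))
    for status, items in diff.items():
        print(status)
        for det_type, name, location in items:
            print(f"  [{kind(location)}] {det_type}:{name} -> {location}")
```
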
- Incident Status Location
Dialer:dialer.b Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\EGAUTH.inf
Adware:adware/savenow Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\WUInst.inf
Adware:adware/keenvalue Not disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho
Adware:adware/downloadware Not disinfected C:\WINDOWS\Digital Signature 20031001.htm
Dialer:dialer.su Not disinfected C:\WINDOWS\run.cxq
Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32a.sys
Adware:adware/delfinmedia Not disinfected C:\PROGRAM FILES\DelFin
Adware:adware/ist.istbar Not disinfected C:\PROGRAM FILES\gmsoft
Potentially unwanted tool:application/myway Not disinfected C:\PROGRAM FILES\MyWay
Adware:adware/cydoor Not disinfected C:\WINDOWS\cdmxtras
Adware:adware/searchexe Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/brilliantdigital Not disinfected Windows Registry
Adware:Adware/P2PNetworking Not disinfected C:\Documents and Settings\Cees Gijsbers\Bureaublad\Nieuwe map\backups\backup-20060223-171136-706.dll
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@ath.belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@belnk[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@desktop.kazaa[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@dist.belnk[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@winfixer[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@www.advnt01[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@adopt.hbmediapro[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@belnk[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@c2.gostats[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@desktop.kazaa[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@dist.belnk[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@offeroptimizer[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@searchportal.information[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@winfixer[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@www.advnt01[1].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Gast\Cookies\gast@desktop.kazaa[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Gast\Cookies\gast@kinghost[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Gast\Cookies\gast@rn11[1].txt
Dialer:Dialer.ENO Not disinfected C:\Documents and Settings\Julie Gijsbers\Bureaublad\onzin bestanden\Mijn Playarkanoid.exe
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@adopt.hbmediapro[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@belnk[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@c2.gostats[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@desktop.kazaa[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@dist.belnk[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@offeroptimizer[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@winfixer[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@xiti[1].txt
Adware:Adware/P2PNetworking Not disinfected C:\Documents and Settings\Julie Gijsbers\Local Settings\Temp\p2psetup.exe
Spyware:Cookie/3 Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@3[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@apmebf[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@belnk[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@c2.gostats[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@desktop.kazaa[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@dist.belnk[2].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@pop.mircx[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@rightmedia[2].txt
Spyware:Cookie/MyWay Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@www.xzoomy[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@xiti[1].txt
Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\MyWay\myBar\2.bin\MY2NS.EXE
Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
Spyware:Cookie/Kazaa Networks Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@desktop.kazaa[2].txt
Spyware:Cookie/go Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@go[1].txt
Spyware:Cookie/Mircx Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@pop.mircx[2].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@smni[1].txt
Spyware:Cookie/Advnt Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@www.advnt01[1].txt
Dialer:Dialer.AWI Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Local Settings\Temp\$QuickPage\sed.exe
Dialer:Dialer.SU Not disinfected C:\WINDOWS\run.cxq
Dialer:Dialer.AWI Not disinfected C:\WINDOWS\SYSTEM32\cp.exe
Dialer:Dialer.AWI Not disinfected C:\WINDOWS\SYSTEM32\sed.exe
Potentially unwanted tool:Application/MyWay Not disinfected K:\Hijack\backup-20040626-161141-157.dll
Potentially unwanted tool:Application/FunWeb Not disinfected K:\Hijack\backup-20040626-161141-169.inf
Adware:Adware/P2PNetworking Not disinfected K:\Hijack\backup-20040626-161141-659.dll
- Download Killbox.
Click killbox.exe.
Choose the option: "[b:1531e96f76]Delete on reboot[/b:1531e96f76]".
[b:1531e96f76]Copy[/b:1531e96f76] the following part in bold:
[b:1531e96f76]C:\WINDOWS\DOWNLOADED PROGRAM FILES\EGAUTH.inf
C:\WINDOWS\DOWNLOADED PROGRAM FILES\WUInst.inf
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho
C:\WINDOWS\Digital Signature 20031001.htm
C:\WINDOWS\run.cxq
C:\WINDOWS\smdat32a.sys
C:\Documents and Settings\Cees Gijsbers\Bureaublad\Nieuwe map\backups\backup-20060223-171136-706.dll
C:\Documents and Settings\Julie Gijsbers\Bureaublad\onzin bestanden\Mijn Playarkanoid.exe
C:\Documents and Settings\Julie Gijsbers\Local Settings\Temp\p2psetup.exe
C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Local Settings\Temp\$QuickPage\sed.exe
C:\WINDOWS\SYSTEM32\cp.exe
C:\WINDOWS\SYSTEM32\sed.exe
K:\Hijack\backup-20040626-161141-157.dll
K:\Hijack\backup-20040626-161141-169.inf
K:\Hijack\backup-20040626-161141-659.dll[/b:1531e96f76]
Open [b:1531e96f76]'file'[/b:1531e96f76] in the Killbox menu at the top and choose: [b:1531e96f76]Paste from clipboard[/b:1531e96f76]
You will see that the bold text above now appears in the "Full Path of File to Delete" field.
There is a small arrow next to that field. If you click it, you will see all the lines above that you copied (if the files are present); that, at least, is the intention.
Click the button: [b:1531e96f76]All files[/b:1531e96f76] (!Important!)
After that, click the red circle with the white cross in it.
Killbox will say that this file will be deleted on reboot and asks to reboot now. Click YES.
Your PC must now reboot.
Make sure all hidden files and folders are shown. How to show hidden files and folders.
After the restart, delete the following folders:
C:\[b:1531e96f76]!Killbox[/b:1531e96f76]\ <= these are Killbox's backups and they can go
C:\PROGRAM FILES\[b:1531e96f76]DelFin[/b:1531e96f76]\
C:\PROGRAM FILES\[b:1531e96f76]gmsoft[/b:1531e96f76]\
C:\PROGRAM FILES\[b:1531e96f76]MyWay[/b:1531e96f76]\
C:\WINDOWS\[b:1531e96f76]cdmxtras[/b:1531e96f76]\
Then empty your Recycle Bin.
- Another new Panda log?
I will make it tonight.
- Go ahead; it will probably mostly find cookies and some entries in the registry.
Maybe we can do something about those too :wink:
- Incident Status Location
Adware:adware/savenow Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\WUInst.inf
Adware:adware/keenvalue Not disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho
Adware:adware/downloadware Not disinfected C:\WINDOWS\Digital Signature 20031001.htm
Dialer:dialer.su Not disinfected C:\WINDOWS\run.cxq
Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32a.sys
Adware:adware/searchexe Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MY WAY SPEEDBAR UNINSTALL
Adware:adware/p2pnetworking Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/ist.istbar Not disinfected Windows Registry
Dialer:dialer.b Not disinfected HKEY_CLASSES_ROOT\Interface\{8F0A06F6-DF4D-4D54-B8CA-E8EEDBAE6DDB}
Adware:Adware/P2PNetworking Not disinfected C:\Documents and Settings\Cees Gijsbers\Bureaublad\Nieuwe map\backups\backup-20060223-171136-706.dll
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@ath.belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@belnk[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@desktop.kazaa[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@dist.belnk[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@winfixer[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@www.advnt01[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@adopt.hbmediapro[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@belnk[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@c2.gostats[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@desktop.kazaa[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@dist.belnk[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@offeroptimizer[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@searchportal.information[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@winfixer[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@www.advnt01[1].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Gast\Cookies\gast@desktop.kazaa[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Gast\Cookies\gast@kinghost[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Gast\Cookies\gast@rn11[1].txt
Dialer:Dialer.ENO Not disinfected C:\Documents and Settings\Julie Gijsbers\Bureaublad\onzin bestanden\Mijn Playarkanoid.exe
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@adopt.hbmediapro[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@belnk[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@c2.gostats[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@desktop.kazaa[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@dist.belnk[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@offeroptimizer[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@winfixer[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@xiti[1].txt
Adware:Adware/P2PNetworking Not disinfected C:\Documents and Settings\Julie Gijsbers\Local Settings\Temp\p2psetup.exe
Spyware:Cookie/3 Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@3[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@apmebf[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@belnk[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@c2.gostats[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@desktop.kazaa[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@dist.belnk[2].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@pop.mircx[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@rightmedia[2].txt
Spyware:Cookie/MyWay Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@www.xzoomy[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\steefje\Cookies\steefje@xiti[1].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@desktop.kazaa[2].txt
Spyware:Cookie/go Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@go[1].txt
Spyware:Cookie/Mircx Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@pop.mircx[2].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@smni[1].txt
Spyware:Cookie/Advnt Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@www.advnt01[1].txt
Dialer:Dialer.AWI Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Local Settings\Temp\$QuickPage\sed.exe
Dialer:Dialer.SU Not disinfected C:\WINDOWS\run.cxq
Dialer:Dialer.AWI Not disinfected C:\WINDOWS\SYSTEM32\cp.exe
Dialer:Dialer.AWI Not disinfected C:\WINDOWS\SYSTEM32\sed.exe
Potentially unwanted tool:Application/MyWay Not disinfected K:\Hijack\backup-20040626-161141-157.dll
Potentially unwanted tool:Application/FunWeb Not disinfected K:\Hijack\backup-20040626-161141-169.inf
Adware:Adware/P2PNetworking Not disinfected K:\Hijack\backup-20040626-161141-659.dll
- Open a Notepad file.
Copy the code below into that file
Save the file on your desktop as delfiles.bat
For the save-as file type, choose: All files (*.*)
[code:1:ce3d829c08]%systemdrive%
rem The line above switches to the system drive; each cd/del pair below removes files still listed in the Panda log
cd C:\WINDOWS\DOWNLOADED PROGRAM FILES
del WUInst.inf
cd C:\WINDOWS\SYSTEM32\DRIVERS\ETC
del hosts.bho
cd C:\WINDOWS
del Digita~1.htm
del run.cxq
del smdat32a.sys
cd C:\Documents and Settings\Cees Gijsbers\Bureaublad\Nieuwe map\backups
del backup-20060223-171136-706.dll
cd C:\Documents and Settings\Gast\Cookies
del gast@desktop.kazaa[1].txt
del gast@kinghost[1].txt
del gast@rn11[1].txt
cd C:\Documents and Settings\Julie Gijsbers\Bureaublad\onzin bestanden
del MijnPl~1.exe
cd C:\Documents and Settings\Julie Gijsbers\Local Settings\Temp
del p2psetup.exe
cd C:\Documents and Settings\steefje\Cookies
del steefje@3[2].txt
del steefje@apmebf[2].txt
del steefje@belnk[1].txt
del steefje@c2.gostats[2].txt
del steefje@desktop.kazaa[2].txt
del steefje@dist.belnk[2].txt
del steefje@pop.mircx[1].txt
del steefje@rightmedia[2].txt
del steefje@www.xzoomy[1].txt
del steefje@xiti[1].txt
del "C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Local Settings\Temp\$QuickPage\sed.exe"
del C:\WINDOWS\SYSTEM32\cp.exe
del C:\WINDOWS\SYSTEM32\sed.exe
del K:\Hijack\backup-20040626-161141-157.dll
del K:\Hijack\backup-20040626-161141-169.inf
del K:\Hijack\backup-20040626-161141-659.dll[/code:1:ce3d829c08]
Then double-click delfiles.bat
1) Open a Notepad file.
2) Copy the code below into this Notepad file.
3) Go to File - Save As.
-For "Save in" choose: Desktop
-For "File name" enter: fix.reg
-For "Save as type" select: All files (*.*).
-Click the Save button.
[code:1:ce3d829c08]REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MY WAY SPEEDBAR UNINSTALL]
[-HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}]
[-HKEY_CLASSES_ROOT\Interface\{8F0A06F6-DF4D-4D54-B8CA-E8EEDBAE6DDB}]
[-HKEY_CLASSES_ROOT\CLSID\{C91E8926-D4BE-4685-99F4-0D996B96BAC0}]
[-HKEY_CLASSES_ROOT\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}]
[-HKEY_CURRENT_USER\Software\P2P Networking]
[-HKEY_LOCAL_MACHINE\Software\P2P Networking]
[-HKEY_CLASSES_ROOT\clsid\{00041a26-7033-432c-94c7-6371de343822}]
[-HKEY_CLASSES_ROOT\clsid\{002f4e27-b273-4fa5-adfc-1fb9ed210b37}]
[-HKEY_CLASSES_ROOT\clsid\{49de8655-4d15-4536-b67c-2aa6c1106740}]
[-HKEY_CLASSES_ROOT\clsid\{9368d063-44be-49b9-bd14-bb9663fd38fc}]
[-HKEY_CLASSES_ROOT\interface\{1eb48aa7-d3fe-4e4c-ac8e-b01594496ac0}]
[-HKEY_CLASSES_ROOT\interface\{42bd9965-303d-4cfb-aae0-dcadcb791a55}]
[-HKEY_CLASSES_ROOT\interface\{83a13e87-fa20-4b6a-aae8-c1226b5e1573}]
[-HKEY_CLASSES_ROOT\interface\{f5f0a448-2bcd-459e-8743-c39154ee1ca8}]
[-HKEY_CLASSES_ROOT\typelib\{a8f92c35-530b-4907-922c-ce31d4b6b14a}]
[-HKEY_CLASSES_ROOT\webcom.webbar]
[-HKEY_CLASSES_ROOT\webcom.webbar.1]
[-HKEY_CLASSES_ROOT\webcom.webbho]
[-HKEY_CLASSES_ROOT\webcom.webbho.1]
[-HKEY_CLASSES_ROOT\webcom.webcommand]
[-HKEY_CLASSES_ROOT\webcom.webcommand.1]
[-HKEY_CLASSES_ROOT\webcom.websearch]
[-HKEY_CLASSES_ROOT\webcom.websearch.1]
[-HKEY_LOCAL_MACHINE\software\search-exe]
[-HKEY_LOCAL_MACHINE\software\search-exe\prefs]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTbarISTbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F1ABCDB-A875-46c1-8345-B72A4567E486}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5F1ABCDB-A875-46c1-8345-B72A4567E486}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5F1ABCDB-A875-46c1-8345-B72A4567E486}][/code:1:ce3d829c08]
4) Double-click the fix.reg file and allow the changes to be added to the registry.
You could then run another online scan with Panda to check whether everything is gone
- Thanks!
I am now making a new Panda scan and will post the result tomorrow.
- Incident Status Location
Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32m.sys
Adware:adware/downloadware Not disinfected C:\PROGRAM FILES\MediaLoads
Dialer:dialer.su Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/RUN.CXQ
Adware:adware/searchexe Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MYWAY
Adware:adware/surfaccuracy Not disinfected Windows Registry
Dialer:dialer.b Not disinfected HKEY_CLASSES_ROOT\Interface\{2E30AC01-99D7-4E9C-B13E-94E1701B0AC9}
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@ath.belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@belnk[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@desktop.kazaa[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@dist.belnk[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@winfixer[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Charlotte Gijsbers\Cookies\charlotte gijsbers@www.advnt01[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@adopt.hbmediapro[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@belnk[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@c2.gostats[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@desktop.kazaa[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@dist.belnk[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@offeroptimizer[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@searchportal.information[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@winfixer[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Frida Gijsbers\Cookies\frida gijsbers@www.advnt01[1].txt
Adware:Adware/Gator Not disinfected C:\Documents and Settings\Frida Gijsbers\Local Settings\Temp\FSG.exe
Spyware:Spyware/Altnet Not disinfected C:\Documents and Settings\Frida Gijsbers\Local Settings\Temp\TopSearch.dll
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@adopt.hbmediapro[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@belnk[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@c2.gostats[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@desktop.kazaa[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@dist.belnk[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@offeroptimizer[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@winfixer[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Julie Gijsbers\Cookies\julie gijsbers@xiti[1].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@desktop.kazaa[2].txt
Spyware:Cookie/go Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@go[1].txt
Spyware:Cookie/Mircx Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@pop.mircx[2].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@smni[1].txt
Spyware:Cookie/Advnt Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Cookies\charlotte gijsbers@www.advnt01[1].txt
Dialer:Dialer.AWI Not disinfected C:\RECYCLER\S-1-5-21-643571872-3685698554-67682326-1012\Dc195\Local Settings\Temp\$QuickPage\sed.exe