antivirus.startpagina.nl

trojan in ad aware?

  • Anonymous avatar

    beek

    gescand met avg en gaf mij dit te melden“trojan horse downloader.agent.aqn”

    in diverse mappen van taalkeuze, adaware free en adawarepro.

    is dit bij èèn van jullie bekend?

    ik heb al met google opgezocht maar nogal diverse verhalen.

    ik hoop dat jullie mij antwoord kan geven.

    groetjes beek

  • Anonymous avatar

    Auk

    beek schreef:

    > gescand met avg en gaf mij dit te melden"trojan horse

    > downloader.agent.aqn"

    > in diverse mappen van taalkeuze, adaware free en adawarepro.

    > is dit bij èèn van jullie bekend?

    Is al zo vaak uitgelegd….

    Ad-aware bevat bestanden met gegevens over spyware.

    Je virusscanner herkent deze bestanden.

    Auk

  • Anonymous avatar

    Avondsmurf

    Hoi Beek,

    Doorloop eerst de stappen van het stappenplan onder de rode link hierboven: LEES DIT EERST : http://www.virushelp.nl/partners/hijackthis/hijackthislog.htm

    Daarna zien we weer verder……. Smurfie :)

  • Anonymous avatar

    beek

    dus..

  • Anonymous avatar

    Auk

    beek schreef:

    >

    > dus..

    Dus wat ?

  • Anonymous avatar

    beek

    zat in verkeerde forum te typen “ dus..” niet voor hier bestemd.

    sorry

  • Anonymous avatar

    beek

    stappen gedaan en hier is mijn logje.

    Logfile of HijackThis v1.99.1

    Scan saved at 21:14:29, on 11-11-2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Sygate\SPF\smc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\system32\slserv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

    C:\WINDOWS\Explorer.EXE

    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\WINDOWS\system32\LVCOMSX.EXE

    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\Documents and Settings\eddo\Bureaublad\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=NL&range=AD&phase=6&key=SEARCH

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    R3 - Default URLSearchHook is missing

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: Ati2mdxx.exe

    O4 - HKLM\..\Run: C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

    O4 - HKLM\..\Run: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    O4 - HKLM\..\Run: C:\apps\ClickMe\ClickMe.exe

    O4 - HKLM\..\Run: E:\LiveBox.exe

    O4 - HKLM\..\Run: “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s

    O4 - HKLM\..\Run: C:\WINDOWS\system32\LVCOMSX.EXE

    O4 - HKLM\..\Run: “C:\Program Files\Microsoft AntiSpyware\gcasServ.exe”

    O4 - HKLM\..\Run: C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

    O4 - HKLM\..\Run: C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKCU\..\Run: “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O8 - Extra context menu item: &Google Zoeken - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131276727500

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

  • Anonymous avatar

    lucas

    Hoi Beek,

    Deze regela mag je nog even aan vinken ;)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = format.packardbell.com/cgi-bin/redirect/?country=NL&range=AD&phase=6&key=SEARCH

    R3 - Default URLSearchHook is missing

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    Messenger gedeinstalleerd ?

    Sluit alle vensters behalve hijack en klik op fix checked.

    Lucas :)

  • Anonymous avatar

    beek

    Messenger gedeinstalleerd ?

    ja, niet goed?

  • Anonymous avatar

    lucas

    Ja hoor, ik zocht even bevestiging.

    DIt zijn dus nog de restjes ;)

    Lucas :)