Vraag & Antwoord

Beveiliging & privacy

Logfile van HijackThis

11 antwoorden
  • Kan iemand mijn Logfile van HijackThis nakijken? Greetz Sharp Logfile of HijackThis v1.99.1 Scan saved at 17:18:59, on 31-12-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\sstray.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Nieuwe map\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\WINDOWS\system32\wuauclt.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: SATARaid.lnk = ? O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130439958984 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2E426A92-3B40-494C-8308-A8CD7FC9F04E}: NameServer = 85.255.116.163 O17 - HKLM\System\CCS\Services\Tcpip\..\{37E73C68-AA03-430F-979E-F499B07F3A86}: NameServer = 85.255.116.163 O17 - HKLM\System\CCS\Services\Tcpip\..\{67428A61-E6DC-44DB-870D-DBC3A61BFFE6}: NameServer = 85.255.116.163 O17 - HKLM\System\CCS\Services\Tcpip\..\{6D5BA672-C51F-4778-ACD5-3147539D6C6E}: NameServer = 85.255.116.163 O17 - HKLM\System\CCS\Services\Tcpip\..\{D769AA54-C521-4691-A9DD-AA516C9011D7}: NameServer = 85.255.116.163 O17 - HKLM\System\CCS\Services\Tcpip\..\{FC3BE72D-7CD7-4D2C-A144-14B3E2D6FEA0}: NameServer = 85.255.116.163 O17 - HKLM\System\CS1\Services\Tcpip\..\{2E426A92-3B40-494C-8308-A8CD7FC9F04E}: NameServer = 85.255.116.163 O17 - HKLM\System\CS2\Services\Tcpip\..\{2E426A92-3B40-494C-8308-A8CD7FC9F04E}: NameServer = 85.255.116.163 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
  • ja dat kan ik
  • Weer een wareoutinfectie. Start HJT opnieuw en doe een systemscan only, vink onderstaande regels aan sluit alle vensters behalve HJT en klik dan op fix checked. [code:1:87a149f979] O17 - HKLM\System\CCS\Services\Tcpip\..\{2E426A92-3B40-494C-8308-A8CD7FC9F04E}: NameServer = 85.255.116.163 O17 - HKLM\System\CCS\Services\Tcpip\..\{37E73C68-AA03-430F-979E-F499B07F3A86}: NameServer = 85.255.116.163 O17 - HKLM\System\CCS\Services\Tcpip\..\{67428A61-E6DC-44DB-870D-DBC3A61BFFE6}: NameServer = 85.255.116.163 O17 - HKLM\System\CCS\Services\Tcpip\..\{6D5BA672-C51F-4778-ACD5-3147539D6C6E}: NameServer = 85.255.116.163 O17 - HKLM\System\CCS\Services\Tcpip\..\{D769AA54-C521-4691-A9DD-AA516C9011D7}: NameServer = 85.255.116.163 O17 - HKLM\System\CCS\Services\Tcpip\..\{FC3BE72D-7CD7-4D2C-A144-14B3E2D6FEA0}: NameServer = 85.255.116.163 O17 - HKLM\System\CS1\Services\Tcpip\..\{2E426A92-3B40-494C-8308-A8CD7FC9F04E}: NameServer = 85.255.116.163 O17 - HKLM\System\CS2\Services\Tcpip\..\{2E426A92-3B40-494C-8308-A8CD7FC9F04E}: NameServer = 85.255.116.163 [/code:1:87a149f979] Download de [color=blue:87a149f979][b:87a149f979]WareOutfix[/b:87a149f979][/color:87a149f979] van één van deze twee site's:[list:87a149f979][url=http://downloads.subratam.org/Fixwareout.exe][b:87a149f979]http://downloads.subratam.org/Fixwareout.exe[/b:87a149f979][/url] [url=http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe][b:87a149f979]http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe[/b:87a149f979][/url][/list:u:87a149f979]Sla het op op je Bureaublad en laat het runnen. Klik dan op [b:87a149f979]Next[/b:87a149f979], dan op [b:87a149f979]Install[/b:87a149f979], wees zeker dat [color=blue:87a149f979][b:87a149f979]Run fixit[/b:87a149f979][/color:87a149f979] is aangevinkt en klik op [b:87a149f979]Finish[/b:87a149f979]. De fix zal beginnen; volg de instructies die je krijgt. Er zal gevraagd worden of je je pc wilt herstarten; doe dit ook. Je computer zal nu wat trager opstarten, [i:87a149f979]dit is normaal[/i:87a149f979]. Zodra je Bureaublad geladen is, zal een tekstbestand openen ([b:87a149f979]report.txt[/b:87a149f979]). Post dit samen met een nieuw HijackThis log. Veel succes Juisterr
  • Bedankt voor het checken juisterr Het is me nu wel duidelijk waarom ik startpagina.nl niet meer kon bereiken. Hier is de Fixwareout Logfile en de logfile van HijackThis Vr.Gr. Sharp Fixwareout Last edited 1/1/2006 Post this report in the forums please ... Prerun check »»»»» HKLM run and Winlogon System values »»»»» ... Reg Entries that were deleted ... Random Runs removed from HKLM ... PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Searching by size/names... »»»»» Search five digit cs, dm kd and jb files. This WILL/CAN also list Legit Files, Submit them at Virustotal Other suspects. »»»»» Misc files. »»»»» Checking for older varients covered by the Rem3 tool. »»»»» Postrun check »»»»» HKLM run »»»»» Winlogon System value "system"="" »»»»» ************************************** Logfile of HijackThis v1.99.1 Scan saved at 19:18:36, on 5-1-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\sstray.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Blokker Bestelsoftware\Agent.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Nieuwe map\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\WINDOWS\system32\wuauclt.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Blokker Bestelsoftware\Agent.exe" O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: SATARaid.lnk = ? O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130439958984 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
  • Download en installeer [url=http://www.ewido.net/en/download/][b:fccf36c3c8]AVG Anti-Spyware[/b:fccf36c3c8][/url].[list:fccf36c3c8] Na de installatie, open AVG Anti-Spyware: * onder "[b:fccf36c3c8]Status[/b:fccf36c3c8]", klik op [b:fccf36c3c8]Change state[/b:fccf36c3c8] naast "Resident shield". (wijzig van active naar [b:fccf36c3c8]inactive[/b:fccf36c3c8]!) * onder "[b:fccf36c3c8]Update[/b:fccf36c3c8]", klik op de [b:fccf36c3c8]Start update[/b:fccf36c3c8] knop. * onder "[b:fccf36c3c8]Scanner[/b:fccf36c3c8]", tab "Settings":[list:fccf36c3c8]- onder "How to act?", klik op "[u:fccf36c3c8]Recommended actions[/u:fccf36c3c8]" en selecteer [b:fccf36c3c8]Quarantine[/b:fccf36c3c8]. ([b:fccf36c3c8]ZEER BELANGRIJK![/b:fccf36c3c8]) * onder "Reports", selecteer [b:fccf36c3c8]Automatically generate report after every scan[/b:fccf36c3c8] en [u:fccf36c3c8]verwijder[/u:fccf36c3c8] het vinkje bij [b:fccf36c3c8]Only if threats were found[/b:fccf36c3c8][/list:u:fccf36c3c8] Sluit AVG Anti-Spyware. Laat het [b:fccf36c3c8]nog niet[/b:fccf36c3c8] scannen.[/list:u:fccf36c3c8] Start op in [url=http://users.telenet.be/marcvn/spyware/1378056.htm]veilige modus[/url] Start [b:fccf36c3c8]AVG Anti-Spyware[/b:fccf36c3c8].[list:fccf36c3c8]* Klik op [b:fccf36c3c8]Scan[/b:fccf36c3c8] en kies [b:fccf36c3c8]Complete System Scan[/b:fccf36c3c8]. Na de scan; volg onderstaande instructies : [color=blue:fccf36c3c8]BELANGRIJK : Klik niet op de "Save Scan Report" knop vooraleer je de "Apply all Actions" knop hebt aangeklikt ![/color:fccf36c3c8] * Draag er zorg voor dat [b:fccf36c3c8]Set all elements to[/b:fccf36c3c8]: op [b:fccf36c3c8]Quarantine[/b:fccf36c3c8] staat [color=blue:fccf36c3c8](1)[/color:fccf36c3c8], zoniet klik op de link en kies [b:fccf36c3c8]Quarantine[/b:fccf36c3c8] in de popup menu.[color=blue:fccf36c3c8] (2)[/color:fccf36c3c8] (Dit geldt niet voor cookies, deze worden onveranderlijk gedelete !) * Onderaan het venster klik op de [b:fccf36c3c8]Apply all Actions[/b:fccf36c3c8] knop. [color=blue:fccf36c3c8](3)[/color:fccf36c3c8] [img:fccf36c3c8]http://home.scarlet.be/~topalex/ewidoscan.jpg[/img:fccf36c3c8] * Wanneer je de melding krijgt 'All actions have been applied', klik je onderaan op de knop [b:fccf36c3c8]Save Report[/b:fccf36c3c8]. * Klik in het menu bovenaan op [b:fccf36c3c8]Reports[/b:fccf36c3c8]. Kopieer het rapport van de scan en plaats dat hier in je volgende bericht.[/list:u:fccf36c3c8] Vervolgens start je opnieuw op in normale modus. - Ga naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel. - Klik in de linkerhelft van het venster op "Instellingen van systeemherstel". - Zet een vinkje voor "Systeemherstel uitschakelen". - Klik "Toepassen". - Windows vraagt of je dat zeker weet. - Klik "Ja". - Klik "OK". - Start de pc opnieuw op. - Ga weer naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel. - Je krijgt de melding: "Systeemherstel is uitgeschakeld. Wilt u systeemherstel nu inschakelen?" - Klik "Ja". - Verwijder het vinkje voor "Systeemherstel uitschakelen". - Klik "Toepassen". - Klik "OK". - Start de pc opnieuw op - Er is nu een nieuw schoon herstel punt aangemaakt Start weer op in veilige modus. Start weer je AVG scanner en doe nogmaals een scan. Start weer op in normale modus en Plaats een nieuw HJT logje aub. j
  • [quote:10cb507a06="sharp"]Bedankt voor het checken luisterr Het is me nu wel duidelijk waarom ik startpagina.nl niet meer kon bereiken. Hier is de Fixwareout Logfile en de logfile van HijackThis Vr.Gr. Sharp Fixwareout Last edited 1/1/2006 Post this report in the forums please ... Prerun check »»»»» HKLM run and Winlogon System values »»»»» ... Reg Entries that were deleted ... Random Runs removed from HKLM ... PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Searching by size/names... »»»»» Search five digit cs, dm kd and jb files. This WILL/CAN also list Legit Files, Submit them at Virustotal Other suspects. »»»»» Misc files. »»»»» Checking for older varients covered by the Rem3 tool. »»»»» Postrun check »»»»» HKLM run »»»»» Winlogon System value "system"="" »»»»» ************************************** Logfile of HijackThis v1.99.1 Scan saved at 19:18:36, on 5-1-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\sstray.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Blokker Bestelsoftware\Agent.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Nieuwe map\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\WINDOWS\system32\wuauclt.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Blokker Bestelsoftware\Agent.exe" O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: SATARaid.lnk = ? O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130439958984 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe[/quote:10cb507a06]
  • ok.. heb ik gedaan.. Dit is het rapport. Heb al een hoop rotzooi verzameld zie ik. Ga zo nog een scan doen en dan plaats ik een hjk-logje --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 23:29:20 5-1-2007 + Scan result: C:\System Volume Information\_restore{661AE988-8A5F-4176-A02C-9CB9FE1B140F}\RP734\A0222079.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup (quarantined). C:\System Volume Information\_restore{661AE988-8A5F-4176-A02C-9CB9FE1B140F}\RP735\A0222128.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup (quarantined). C:\System Volume Information\_restore{661AE988-8A5F-4176-A02C-9CB9FE1B140F}\RP747\A0242673.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup (quarantined). C:\System Volume Information\_restore{661AE988-8A5F-4176-A02C-9CB9FE1B140F}\RP757\A0250600.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup (quarantined). C:\System Volume Information\_restore{661AE988-8A5F-4176-A02C-9CB9FE1B140F}\RP747\A0242666.exe -> Adware.WinAD : Cleaned with backup (quarantined). C:\WINDOWS\system32\expIorer.exe -> Adware.WinAD : Cleaned with backup (quarantined). C:\WINDOWS\update\pv.exe -> Not-A-Virus.Monitor.Win32.PrcView.3724 : Cleaned with backup (quarantined). C:\WINDOWS\update\start.exe -> Not-A-Virus.NetTool.Win32.CalcSETI@Home.c : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Cookies\eigenaar@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned. C:\Documents and Settings\Eigenaar\Cookies\eigenaar@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned. C:\Documents and Settings\Eigenaar\Cookies\eigenaar@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned. C:\Documents and Settings\Eigenaar\Cookies\eigenaar@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned. C:\Documents and Settings\Eigenaar\Cookies\eigenaar@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\Eigenaar\Cookies\eigenaar@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned. C:\My Downloads\Avast Pro v4.6.691 Crack Keygen Serial Patch WorKiNG.rar/Avast Pro v4.6.691 Crack Keygen Serial Patch\Avast_Pro_v4.6.691_Incl.Keygen_FRENCH-BS\avast\keygen.exe -> Trojan.Dialer.mo : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\14 More Space Wallpapers for 1024x768.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\24 Space Wallpapers for 1024x768.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\3D War Chess 1 1 zip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\78th Academy Awards - The first half hour - Xvid [Falafel].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\AV+Voice+Changer+Software+Diamond+v4 0 51.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Advanced search.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\AmazingYvonne- Collection of 77 wallpapers of Yvonne Catterfeld.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\BBC Planet Earth 1of5 From Pole to Pole DVB XviD MP3 www MVGroup org.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Batman and Robin Adventures.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Battle Of The Planets - The Complete Box Set.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Battle Of The Planets [COMPLETE].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Best Of Top Gear The Challenges WS PDTV XviD-HAGGiS [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Bishop 2003.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Browse categories.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\CCNA Network Visualizer 5.0 With Crack.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\CSI Miami PC game rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Cafferine First Image set - incl hi-rez (18yr old-NO nudity).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Chet Baker ings & plays from the film 'Let's Get Lost' (256kbps).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Chrissy Moran M&B Photosets.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Cyberlink PowerDVD Deluxe v6 0 0 2023 Incl Keymaker-EMBRACE.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Dave Chappelles Block Party 2005 CAM-PRiDEVCD.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\EXIT WORKING rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Elisa Bridges M&B Photosets.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Eyeshield 21 Portable Edition.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Fate - Wildtangent RPG.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\French Perfectionnement à Excel 2000.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Fun with Dick and Jane (2005) NL Sub optional.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Gary Moore -Old New Ballads - Advance - 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\HDDlife Pro 2.7.85.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\How to get Sims2 Open For Business Working + DTools + CureROM + MiniImage zip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\IRC chat.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Iraq War Clips.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Jon Stewart and Misc Segments at the Academy AwardsOscars (2006.TVRip.SoS).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Le cauchemar de Darwin french dvdrip drago ALLTEAM.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Len Horowitz - SWWAETW DNA Pirates (science).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Lost in Translation (2003) [DVDRip] [Xvid].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Mahjongg Master Platinum v1 0-DELiGHT.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Malcolm In The Middle S07E15 HDTV XviD-LOL [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\March Update.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Maynard James Keenan subduing a fan at a Tool concert.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Microsoft Office Professional Enterprise Edition 12 [per-release] EN With Full Product Key.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Midsomer Murders S09E02 WS PDTV XviD-RiVER [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Ministry The Mash Up Mix 2006 - 2cd's rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\NVIDIA PureVideo Decoder v1 02 196 Incl Keygen-SSG.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Origami Illustration.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Oscar Countdown 2006 HDTV XviD-UMD [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\PSP Valkyrie Profile Lenneth INTERNAL JAP.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Paula Abdul - Greatest Hits.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Paula Abdul - Shut Up And Dance [The Dance Mixes].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Pope John Paul II.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Prince - 3121 [2006MP3208].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Privacy policy.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Rockman Rockman JAP PSP [WwW LiMiTeDiVx CoM].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\SYLWIA PREISS rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Saturday Night Live S31E13 HDTV XviD-XOR [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Search Cloud.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Show all of today →.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\SmartSound Collection Movie Music Series 9CD .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Star Wars Empire At War KEYGEN REPACK-SUSPECTS.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\SuperCleaner 2.89 + key gen new as of 2006-02-07.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Swarmed[2005]DvDrip AC3[aka Wasps][Eng].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Sybex Mastering Web Development With Microsoft Visual Studio 2005 Dec 2005 eBook-TLFeBOOK.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\TV Shows.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\The Boondocks S01E13 PROPER DSR XviD-UMD [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\The L Word S03E09 HDTV XviD-LOL [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\The Princess Has Come of Age rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Two Pints Of Lager And A Packet Of Crisps S06E02 WS PDTV XviD-RiVER [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Ultraviolet.CAM-MALASiUS English.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Upload a torrent.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\VA-Now-(Thats What I Call Music)-6-2CD-2006-NNB.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Virtual 3D Aquarium Screen Saver full CD incl SN.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Walk The Line-OST-2005.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Wallace and Gromit In The Curse Of The Were-Rabbit DVDR-Replica.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\White Chicks DVDRip-NAT.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Wild At Heart S01E06 WS PDTV XviD-RiVER [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Wiley Macromedia Studio 8 All in one Desk Reference for Dummies Jan 2006 eBook-TLFeBOOK.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Wrox Visual Basic 2005 Express Edition Starter Kit Jan 2006 eBook-TLFeBOOK.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\Yoshiyuki Sadamoto-Alpha.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\[C1]Mushishi - 16[XviD][AFC97AE6] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\[NEW] Lisa Loeb - The Very Best Of Lisa Loeb (2006).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\[OOM]Kage Kara Mamoru 07 [8750C958] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\[PSP] Sengoku Cannon Act III (JAP) [by Jago] rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\[S^M] Tsubasa Chronicle Movie [Torikago no Kuni no Himegimi] RAW avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\[Scramble!] Kage Kara Mamoru - 07 [F30795B6] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\[Shockerz]Video Girl A I 01-06.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\[Spanish Newspaper] El Pais PDF 06 03 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\[WPP]Digimon Savers - 00 [E73D0C4F] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\[manga] Futari Ecchi Complete Volume 01 [CX].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\[manga] Futari Ecchi Complete Volume 02.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\[manga] Futari Ecchi artbook - Yura Yura - Full Spreads.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\[manga] Futari Ecchi artbook - Yura Yura v2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\[manga] Futari Ecchi v03 ch24.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\[manga] Futari Ecchi v03 ch27.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\dcp 3-5-06.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\kiss pictures.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\m3604275410 jpg.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\medieval weapons [papermodels][demonoid].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Documents and Settings\Eigenaar\Complete\tracked by h33t com Hacking Linux Exposed PDF 3-27-2001.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\14 More Space Wallpapers for 1024x768.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\24 Space Wallpapers for 1024x768.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\3D War Chess 1 1 zip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\78th Academy Awards - The first half hour - Xvid [Falafel].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\AV+Voice+Changer+Software+Diamond+v4 0 51.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Advanced search.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Aimee Sweet M&B Photosets.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\AmazingYvonne- Collection of 77 wallpapers of Yvonne Catterfeld.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\BBC Planet Earth 1of5 From Pole to Pole DVB XviD MP3 www MVGroup org.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Batman and Robin Adventures.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Battle Of The Planets - The Complete Box Set.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Battle Of The Planets [COMPLETE].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Best Of Top Gear The Challenges WS PDTV XviD-HAGGiS [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Bishop 2003.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Browse categories.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\CCNA Network Visualizer 5.0 With Crack.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\CSI Miami PC game rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Cafferine First Image set - incl hi-rez (18yr old-NO nudity).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Chet Baker ings & plays from the film 'Let's Get Lost' (256kbps).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Chrissy Moran M&B Photosets.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Cyberlink PowerDVD Deluxe v6 0 0 2023 Incl Keymaker-EMBRACE.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Dave Chappelles Block Party 2005 CAM-PRiDEVCD.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\EXIT WORKING rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Elisa Bridges M&B Photosets.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Eyeshield 21 Portable Edition.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Fate - Wildtangent RPG.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\French Perfectionnement à Excel 2000.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Fun with Dick and Jane (2005) NL Sub optional.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Gary Moore -Old New Ballads - Advance - 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\HDDlife Pro 2.7.85.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\How to get Sims2 Open For Business Working + DTools + CureROM + MiniImage zip.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\IRC chat.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Iraq War Clips.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Jon Stewart and Misc Segments at the Academy AwardsOscars (2006.TVRip.SoS).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Le Petit Prince (Lu par Pierre Arditi et 11 comédiens).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Le cauchemar de Darwin french dvdrip drago ALLTEAM.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Len Horowitz - SWWAETW DNA Pirates (science).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Lost in Translation (2003) [DVDRip] [Xvid].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Mahjongg Master Platinum v1 0-DELiGHT.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Malcolm In The Middle S07E15 HDTV XviD-LOL [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\March Update.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Maynard James Keenan subduing a fan at a Tool concert.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Microsoft Office Professional Enterprise Edition 12 [per-release] EN With Full Product Key.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Midsomer Murders S09E02 WS PDTV XviD-RiVER [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Ministry The Mash Up Mix 2006 - 2cd's rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\NVIDIA PureVideo Decoder v1 02 196 Incl Keygen-SSG.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Origami Illustration.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Oscar Countdown 2006 HDTV XviD-UMD [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\PSP Valkyrie Profile Lenneth INTERNAL JAP.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Paula Abdul - Greatest Hits.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Paula Abdul - Shut Up And Dance [The Dance Mixes].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Pope John Paul II.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Prince - 3121 [2006MP3208].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Privacy policy.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Rockman Rockman JAP PSP [WwW LiMiTeDiVx CoM].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\SYLWIA PREISS rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Saturday Night Live S31E13 HDTV XviD-XOR [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Search Cloud.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Show all of today →.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\SmartSound Collection Movie Music Series 9CD .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Star Wars Empire At War KEYGEN REPACK-SUSPECTS.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\SuperCleaner 2.89 + key gen new as of 2006-02-07.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Swarmed[2005]DvDrip AC3[aka Wasps][Eng].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Sybex Mastering Web Development With Microsoft Visual Studio 2005 Dec 2005 eBook-TLFeBOOK.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\TV Shows.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\The Boondocks S01E13 PROPER DSR XviD-UMD [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\The L Word S03E09 HDTV XviD-LOL [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\The Princess Has Come of Age rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Two Pints Of Lager And A Packet Of Crisps S06E02 WS PDTV XviD-RiVER [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Ultraviolet.CAM-MALASiUS English.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Upload a torrent.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\VA-Now-(Thats What I Call Music)-6-2CD-2006-NNB.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Virtual 3D Aquarium Screen Saver full CD incl SN.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Walk The Line-OST-2005.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Wallace and Gromit In The Curse Of The Were-Rabbit DVDR-Replica.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\White Chicks DVDRip-NAT.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Wild At Heart S01E06 WS PDTV XviD-RiVER [eztv].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Wiley Macromedia Studio 8 All in one Desk Reference for Dummies Jan 2006 eBook-TLFeBOOK.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Wrox Visual Basic 2005 Express Edition Starter Kit Jan 2006 eBook-TLFeBOOK.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\Yoshiyuki Sadamoto-Alpha.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\[C1]Mushishi - 16[XviD][AFC97AE6] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\[NEW] Lisa Loeb - The Very Best Of Lisa Loeb (2006).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\[OOM]Kage Kara Mamoru 07 [8750C958] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\[PSP] Sengoku Cannon Act III (JAP) [by Jago] rar.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\[S^M] Tsubasa Chronicle Movie [Torikago no Kuni no Himegimi] RAW avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\[Scramble!] Kage Kara Mamoru - 07 [F30795B6] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\[Shockerz]Video Girl A I 01-06.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\[Spanish Newspaper] El Pais PDF 06 03 2006.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\[WPP]Digimon Savers - 00 [E73D0C4F] avi.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\[manga] Futari Ecchi Complete Volume 01 [CX].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\[manga] Futari Ecchi Complete Volume 02.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\[manga] Futari Ecchi artbook - Yura Yura - Full Spreads.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\[manga] Futari Ecchi artbook - Yura Yura v2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\[manga] Futari Ecchi v03 ch24.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\[manga] Futari Ecchi v03 ch27.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\dcp 3-5-06.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\kiss pictures.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\m3604275410 jpg.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\medieval weapons [papermodels][demonoid].zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\My Downloads\Shared\tracked by h33t com Hacking Linux Exposed PDF 3-27-2001.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). C:\Program Files\outlook\p.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined). ::Report end
  • Dit is het nieuwe Hjk-logje. Groeten Sharp Logfile of HijackThis v1.99.1 Scan saved at 11:02:37, on 8-1-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\sstray.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Blokker Bestelsoftware\Agent.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Nieuwe map\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\nl\msntb.dll O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\WINDOWS\system32\wuauclt.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Blokker Bestelsoftware\Agent.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: SATARaid.lnk = ? O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130439958984 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
  • Heb je nu nog problemen? fix deze regel nog even met HJT aub.(belangrijk, het bestand niet verwijderen <<<<<) [b:77e35b3637] O4 - HKLM\..\Run: [0123456789012345678901234567890123456789012345678901234567890123456789012345678 90123456789012345678901234567890123456789012345678901234567890123456789012345678 90123456789012345678901234567890123456789012345678901234567890123456789012345678 9012345678912345678] C:\WINDOWS\system32\wuauclt.exe[/b:77e35b3637] je kan nogmaals scannen en nu alles laten verwijderen door avg. J
  • Bedankt voor je hulp en tijd! Alles loopt weer op rolletjes. Groeten, Sharp
  • heel fijn, tot ziens.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.