Vraag & Antwoord

Beveiliging & privacy

antivirusxp pro 2009

10 antwoorden
  • Beste, Met korte tussenpozen krijg ik op mijn laptop onderaan een tekstballonnetje met volgende melding = " Warning security report, your computer is infected, It is recommended to start spyware cleaner tool. " Dat bericht leidt naar volgende website : antivirusxp-pro2009.com/?code=0000100 Het bureaublad is zwart, met in roodgele letters : WARNING , en dan de melding dat de PC geïnfecteerd is met Trojaanse paarden en nog van alles. Voor de rest functioneert alles nog naar behoren, behalve dat er af en toe een blauw scherm komt met de melding van een geheugendump... waarna de laptop moet afgesloten en heropgestart worden. Ik heb zo ongeveer alle bestaande anti-spyware programma's laten scannen : malware bytes ,spy sweeper, superantispyware, .... Ze vinden allemaal wel iets, maar het het ballonnetje blijft hardnekkig verschijnen. Hierbij de log . Dank bij voorbaat !!! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:20:13, on 22/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\frmwrk32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\William2 (in nood).LAPTOP\Bureaublad\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: IEEE 802.11g Wireless LAN Utility.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O20 - Winlogon Notify: ddayy - C:\WINDOWS\system32\ddayy.dll (file missing) O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - D:\iPod\bin\iPodService.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 5799 bytes
  • Momentje ik ga even kijken voor je
  • Start Hijackthis op en kies voor 'Do a system scan only' Selecteer alleen de items die hieronder zijn genoemd: [b:44553e0643] O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40 O20 - Winlogon Notify: ddayy - C:\WINDOWS\system32\ddayy.dll (file missing) O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing) [/b:44553e0643] Sluit alle vensters behalve Hijackthis Klik op 'Fix checked' om de items te verwijderen. Download de [color=blue:44553e0643][b:44553e0643] fix DNS Hijacker [/b:44553e0643][/color:44553e0643] [url=http://www.4shared.com/get/40178743/915229ee/Fixwareout.html] fix DNS Hijacker [/url] Sla het op op je Bureaublad en laat het runnen. Klik dan op [b:44553e0643]Next[/b:44553e0643], dan op [b:44553e0643]Install[/b:44553e0643], wees zeker dat [color=blue:44553e0643][b:44553e0643]Run fixit[/b:44553e0643][/color:44553e0643] is aangevinkt en klik op [b:44553e0643]Finish[/b:44553e0643]. De fix zal beginnen; volg de instructies die je krijgt. Er zal gevraagd worden of je je pc wilt herstarten; doe dit ook. Je computer zal nu wat trager opstarten, [i:44553e0643]dit is normaal[/i:44553e0643]. Zodra je Bureaublad geladen is, zal een tekstbestand openen ([b:44553e0643]report.txt[/b:44553e0643]). Ga naar het Configuratiescherm en klik op "Netwerkverbindingen". Rechtsklik op je standaard verbinding en kies "Eigenschappen". Klik op het tabblad "Algemeen" en dubbelklik op "Internet-Protocol (TCP/IP)". Selecteer "Automatisch een DNS-serveradres laten toewijzen". Ga naar Start – Uitvoeren en tik in [b:44553e0643]"cmd" [/b:44553e0643] Druk op enter. Daarna tik je in: [b:44553e0643]ipconfig /flushdns[/b:44553e0643] Druk op enter. Sluit het venster. Herstart je computer nogmaals. Download [url=http://www.besttechie.net/mbam/mbam-setup.exe][b:44553e0643][color=red:44553e0643]MalwareBytes' Anti-Malware[/color:44553e0643][/b:44553e0643][/url] en sla het op je bureaublad op. Dubbelklik op [b:44553e0643]mbam-setup.exe[/b:44553e0643] om het programma te installeren. Zorg dat er na de installatie een vinkje is geplaatst bij:[list:44553e0643] [*:44553e0643]Update MalwareBytes' Anti-Malware [*:44553e0643]Start MalwareBytes' Anti-Malware [/list:u:44553e0643]Klik daarna op "[b:44553e0643]Voltooien[/b:44553e0643]". Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.[list:44553e0643] [*:44553e0643]Zodra het programma gestart is, ga dan naar het tabblad "[b:44553e0643]Instellingen[/b:44553e0643]". [*:44553e0643]Vink hier aan: "[b:44553e0643]Sluit Internet Explorer tijdens verwijdering van malware[/b:44553e0643]". [*:44553e0643]Ga daarna naar het tabblad "[b:44553e0643]Scanner[/b:44553e0643]", kies hier voor "[b:44553e0643]Snelle Scan[/b:44553e0643]". [*:44553e0643]Druk vervolgens op "[b:44553e0643]Scannen[/b:44553e0643]" om de scan te starten. [*:44553e0643]Het scannen kan een tijdje duren, dus wees geduldig. [*:44553e0643]Wanneer de scan voltooid is, klik op [b:44553e0643]OK[/b:44553e0643], daarna "[b:44553e0643]Bekijk Resultaten[/b:44553e0643]" om de resultaten te zien. [*:44553e0643]Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "[b:44553e0643]Verwijder geselecteerde[/b:44553e0643]". [*:44553e0643]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. [/list:u:44553e0643]Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "[b:44553e0643]Logs[/b:44553e0643]" tab te klikken in het programma. Plaats dit logje samen met een nieuw logje van HijackThis.
  • ok, dank !! Doe ik deze acties in veilige modus ? Dank.
  • Nee hoor, normale modus.
  • Beste, Ik heb mij voorlopig beperkt tot de hijack-actie + malwarebytes-scan. Het irritante ballonnetje onderaan is weg, en ik heb weer een mooi bureaublad ! Dank !! Denkt u dat die andere aanpassingen die u voorstelt ook noodzakelijk zijn, alles lijkt immers weer in orde, of zou ik die toch nog doorvoeren ? Heeft dat iets te maken met dat blauwe scherm dat af en toe verschijnt ? Hierbij de logs van malwarebyte en hijackthis : Malwarebytes' Anti-Malware 1.34 Database version: 1795 Windows 5.1.2600 Service Pack 3 23/02/2009 9:14:59 mbam-log-2009-02-23 (09-14-59).txt Scan type: Quick Scan Objects scanned: 87789 Time elapsed: 7 minute(s), 49 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 7 Folders Infected: 0 Files Infected: 45 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\coolplay (Trojan.DNSChanger) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\William2 (in nood).LAPTOP\Local Settings\Temporary Internet Files\Content.IE5\FIY4P6RD\russian[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\William2 (in nood).LAPTOP\Local Settings\Temporary Internet Files\Content.IE5\PV36FMYY\155[1].net (Trojan.Downloader) -> Quarantined and deleted successfully. C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully. C:\RECYCLER\S-3-8-11-100008030-100027824-100019048-9152.com (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gaopdxacxoqhos.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gaopdxifpxmphw.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\gaopdxcmqckdbo.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\gaopdxdvewulte.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\gaopdxiobrftdc.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\gaopdxjkyiurrv.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\gaopdxkyxuejxt.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\gaopdxowprrjit.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\gaopdxteooeqal.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\gaopdxwxwbwwwv.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-178562.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-316375.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-317328.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-445453.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-445812.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-478203.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-508921.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-991296.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-991609.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-1182171.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-1182875.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-1854578.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-1854828.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-2270296.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-2270671.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-2996140.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-4493609.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-4494437.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekaadycblvy.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\senekahsstanre.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\senekairwoppgu.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekalqjomxlw.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekarxducxwn.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\senekaqjpypuhy.sys (Trojan.Agent) -> Delete on reboot. En hierbij nieuwe hijack this log : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:36:32, on 23/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\William2 (in nood).LAPTOP\Bureaublad\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: IEEE 802.11g Wireless LAN Utility.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - D:\iPod\bin\iPodService.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 5104 bytes
  • Tja ik bied het niet voor niks aan toch ?
  • Ok, ik probeer het meteen !
  • het gaat toch wel om het programmatje "fixwareout" dat ik moet opstarten ( daar kwam ik op via de link DNS fix Hijack
  • ja dat is juist

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.