Please check my HijackThis log

Anonymous
juisterr
15 answers
  • I just removed a virus from my PC; please check quickly whether everything has really been removed.
    Logfile of HijackThis v1.99.1
    Scan saved at 8:30:48, on 11-8-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    F:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    F:\Program Files\HIJACKTHIS\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0AE1761A-2398-446A-BEC4-A56157D1EEFD}: NameServer = 194.119.228.67 193.74.208.135
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
  • Download Killbox and unzip it to your desktop.
    Click killbox.exe.
    Select the "Delete on reboot" option.
    In the "Full Path of File to Delete" field, copy and paste the following:

    C:\WINDOWS\SYSTEM32\winjrs32.dll

    Click the button: single file (!Important!)

    Then click the red circle with the white cross in it.
    Killbox will say that this file will be deleted on reboot and will ask to reboot now. Click YES.

    Your PC should now reboot.

    *3* Delete the folder C:\killbox!

    *4* Download ATF Cleaner (by Atribune)

    Double-click ATF Cleaner to start the program.
    On the "Main" tab, tick Select All.
    Click the Empty Selected button.

    If you also use Firefox as a browser:

    Click the "Firefox" tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the tick next to "Firefox saved passwords")
    Click the Empty Selected button.

    If you also use Opera as a browser:

    Click the "Opera" tab and tick Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.

    Go to the "Main" tab and click the Exit button to close the program.

    *5* Run an online scan at Panda
    Save the log and post it together with a new HJT log please :P
  • Panda scan

    Incident Status Location

    Adware:adware/pornmagpass Not disinfected Windows Registry
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt[.microsofteup.112.2o7.net/]
    Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt[.metriweb.be/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt[as1.falkag.de/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt[.xiti.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt[.metriweb.be/]
    Hacktool:Hacktool/RegPatch.A Not disinfected F:\+++ downloads firefox +++\+++ SOFTWARE +++

    Hijackthis
    Logfile of HijackThis v1.99.1
    Scan saved at 16:35:32, on 11-8-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    F:\Program Files\HIJACKTHIS\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0AE1761A-2398-446A-BEC4-A56157D1EEFD}: NameServer = 194.119.228.67 193.74.208.135
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    By the looks of it, not everything is gone yet :-? :cry:
  • Don't panic.

    Start HJT again, tick the lines below and click Fix checked.

    O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)

    Use Explorer's search function to find and delete the following file.

    winjrs32.dll << search for where it is located (if still present).

    Please read the following carefully.

    Download and install .
    Start Ewido.
    - Next to "Resident Shield", click "change state" so that "active" changes to "inactive".
    - Next to "Automatic updates", click "change state" so that "active" changes to "inactive".
      (Ignore the "Your computer is at risk" message that Ewido now shows.)
    - In the menu at the top, click Update and then click the Start Update button. Wait until the updates have been downloaded.
    - In the menu at the top, click Scanner and choose Settings.
      - Under "How to act?", click Recommended Actions and select Quarantine (important!).
      - Make sure that under Reports the following is ticked: Automatically generate report after every scan.
      - Make sure that under Reports there is no tick next to: Only if threats were found.
    - Click Scan and choose Complete System Scan.
    - When the scan has finished, click Apply All Actions.
    - When you get the message All actions have been applied, click the Save Report button at the bottom. The scan report is now saved in the folder Program Files\ewido anti-spyware 4.0\Reports.
      If you then click the Save report as button, you get the option to save the report somewhere else. Save the report in a place where you can easily find it again, e.g. your desktop.
    - Close Ewido.
    - Copy the scan report and post it here in your next message.

    Reboot and post a new HJT log please.

    Good luck.
  • ———————————————————
    ewido anti-spyware - Scan Report
    ———————————————————

    + Created at: 20:54:32 11-8-2006

    + Scan result:



    :mozilla.10:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.75:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\rudi\Cookies\rudi@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\rudi\Cookies\rudi@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.67:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
    :mozilla.68:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
    :mozilla.29:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    :mozilla.28:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
    :mozilla.65:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    :mozilla.51:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.53:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.54:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.55:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.61:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.42:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
    :mozilla.43:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
    :mozilla.11:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    :mozilla.39:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    :mozilla.18:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.19:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.20:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.21:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.22:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.23:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.34:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.35:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.36:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.37:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.38:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.16:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.17:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    C:\Documents and Settings\rudi\Cookies\rudi@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    :mozilla.10:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.12:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.14:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.15:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.27:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.30:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.66:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.33:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).


    ::Report end


    Logfile of HijackThis v1.99.1
    Scan saved at 21:00:52, on 11-8-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
    F:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    F:\Program Files\HIJACKTHIS\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [!ewido] "F:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0AE1761A-2398-446A-BEC4-A56157D1EEFD}: NameServer = 194.119.228.67 193.74.208.135
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    Do you see anything else that needs to be removed?????
  • Start ewido once more and run a scan; this time remove everything it finds.

    Then reboot, go to > System Restore > Settings > and turn System Restore off. Reboot again and then turn System Restore back on; your system will automatically create a new, and now clean, restore point.

    Good luck
  • Thanks
    Is there otherwise nothing left in it that still needs to be removed :roll: :roll:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:49:08, on 12-8-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    F:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    F:\Program Files\HIJACKTHIS\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0AE1761A-2398-446A-BEC4-A56157D1EEFD}: NameServer = 194.119.228.67 193.74.208.135
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WBSrv - F:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
  • No, no malware, spyware or the like as far as I can tell. Would you rather have seen it otherwise?
  • No, it's fine like this; now let's just hope it stays that way :roll: :D

    Thanks
  • strangerke wrote:
    "No, it's fine like this; now let's just hope it stays that way :roll: :D

    Thanks"

    Maybe these security tips are of some use to you
  • Is it perhaps also better to turn on the resident shield in ewido?????
    By the way, I also had SpywareBlaster & Guard on my previous system; I completely forgot to install them on my current system. Thanks for reminding me :wink: :D
  • I have no experience with that, so I can't really give a sensible answer to it.
    Haven't you read the tips yet?
  • I've read the tips; I've been doing several of them myself for a long time already :)
    I already had a good virus scanner and firewall, I thought??
  • NOD32 is a fine scanner; which firewall did you have again?
  • Sygate, that's a good one too, isn't it??
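
The thread tracks the cleanup by comparing successive HijackThis scans by eye. As an added example (not part of the thread and not HijackThis's own code), the Python below parses entry lines and diffs two scans; the function names are hypothetical and the sample scans are constructed by abridging the logs posted above.

```python
import re
from typing import NamedTuple

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")
MISSING = "(file missing)"


class Entry(NamedTuple):
    code: str           # section code, e.g. "O20"
    name: str           # everything before the last " - " (identity of the entry)
    target: str         # file or URL the entry points at ("" if none is shown)
    file_missing: bool  # HijackThis could not find the target on disk


def parse_hjt(log_text):
    """Return {(code, name): Entry} for every entry line in a HijackThis log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        name, sep, target = body.rpartition(" - ")
        if not sep:  # e.g. O4 Run values have no " - target" part
            name, target = body, ""
        entries[(code, name)] = Entry(code, name, target, missing)
    return entries


def diff_scans(before, after):
    """Compare two parsed scans and report what changed between them."""
    return {
        "added": sorted(k for k in after if k not in before),
        "removed": sorted(k for k in before if k not in after),
        # Still registered, but the file it pointed at is now gone.
        "orphaned": sorted(
            k for k in after
            if k in before and after[k].file_missing and not before[k].file_missing
        ),
    }


# Constructed input: a few lines abridged from the three scans in this thread.
SCAN_0830 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
"""

SCAN_1635 = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
"""

SCAN_0749 = r"""
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WBSrv - F:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    scans = [parse_hjt(s) for s in (SCAN_0830, SCAN_1635, SCAN_0749)]
    for label, (old, new) in zip(("08:30 -> 16:35", "16:35 -> 07:49"),
                                 zip(scans, scans[1:])):
        print(label)
        for kind, keys in diff_scans(old, new).items():
            for code, name in keys:
                print(f"  {kind:8} {code} - {name}")
```

An entry that moves from a real path to `(file missing)` is a registry value left behind after its file was deleted, which is the state the second scan shows for the winjrs32 O20 line. Newly added entries in autostart sections such as O20 are the ones to look at first in the next scan.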


This is an archived page. Replying is no longer possible.
