Vraag & Antwoord
Hijackthis Log ff checken plz
15 antwoorden
- Ik heb zonet een virus van mijn pc verwijdert , gelieve ff te checken als ook echt alles verwijdert is .
Logfile of HijackThis v1.99.1
Scan saved at 8:30:48, on 11-8-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
F:\Program Files\BitComet\BitComet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\HIJACKTHIS\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AE1761A-2398-446A-BEC4-A56157D1EEFD}: NameServer = 194.119.228.67 193.74.208.135
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe - Download en unzip Killbox naar je bureaublad.
Klik op killbox.exe.
Selecteer de optie "Delete on reboot".
In het veld "Full Path of File to Delete" kopieer en plak je het volgende:
[b:3577869d73]C:\WINDOWS\SYSTEM32\winjrs32.dll[/b:3577869d73]
Klik op de knop: single file (!Belangrijk!)
Daarna, Klik op de rode cirkel met het wit kruisje erin.
Killbox zal zeggen dat deze file zal verwijderd worden on reboot.. vraagt om nu te rebooten. Klik YES.
Je pc moet nu rebooten.
[b:3577869d73]*3*[/b:3577869d73]Verwijder de map C:\killbox!
[b:3577869d73]*4*[/b:3577869d73]Download [b:3577869d73]ATF Cleaner[/b:3577869d73] ( van Atribune)
[list:3577869d73]Dubbelklik op [b:3577869d73]ATF cleaner[/b:3577869d73] om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.
Gebruik je ook [b:3577869d73]Firefox[/b:3577869d73] als browser:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit verwijdert het vinkje bij "Firefox saved passwords"
Klik op de knop Empty Selected.
Gebruik je ook [b:3577869d73]Opera[/b:3577869d73] als browser:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.[/list:u:3577869d73]
[b:3577869d73]*5*[/b:3577869d73]Doe een online scan bij Panda
Bewaar het logje en post dat samen met een nieuw HJT logje svp - Pandascan
Incident Status Location
Adware:adware/pornmagpass Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt[.xiti.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt[.metriweb.be/]
Hacktool:Hacktool/RegPatch.A Not disinfected F:\+++ downloads firefox +++\+++ SOFTWARE +++
Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 16:35:32, on 11-8-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\HIJACKTHIS\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AE1761A-2398-446A-BEC4-A56157D1EEFD}: NameServer = 194.119.228.67 193.74.208.135
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
Zo te zien is nog niet alles er vanaf :-? :cry: - geen paniek.
start HJT opnieuw en vink onderstaande regels aan en klik op fix checked.
[b:a73373966c] O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)[/b:a73373966c]
zoek en verwijder met behulp van zoekfunctie van verkenner het volgende bestand.
[b:a73373966c] winjrs32.dll [/b:a73373966c] << even zoeken waar die staat.(indien nog aanwezig)
Lees onderstaande goed aub.
Download en installeer .
Start Ewido.
[list:a73373966c][*:a73373966c]klik achter "Resident Shield" op "change state", zodat "active" verandert in "inactive".
[*:a73373966c]klik achter "Automatic updates" op "change state", zodat "active" verandert in "inactive".
(Negeer de "Your computer is at risk" melding die Ewido nu geeft.)
[*:a73373966c]Klik in het menu bovenaan op [b:a73373966c]Update[/b:a73373966c] en klik op de [b:a73373966c]Start Update[/b:a73373966c] knop. Wacht tot de updates zijn binnengehaald.
[*:a73373966c]Klik in het menu bovenaan op [b:a73373966c]Scanner[/b:a73373966c] en kies [b:a73373966c]Settings[/b:a73373966c].
- Klik onder "How to act?" op [b:a73373966c]Recommended Actions[/b:a73373966c] en selecteer [b:a73373966c]Quarantine[/b:a73373966c] (belangrijk!).
- Zorg ervoor dat onder [b:a73373966c]Reports[/b:a73373966c] is aangevinkt: [b:a73373966c]Automatically generate report after every scan[/b:a73373966c].
- Zorg ervoor dat onder [b:a73373966c]Reports[/b:a73373966c] géén vinkje staat voor: [b:a73373966c]Only if threats were found[/b:a73373966c].
[*:a73373966c]Klik op [b:a73373966c]Scan[/b:a73373966c] en kies [b:a73373966c]Complete System Scan[/b:a73373966c].
[*:a73373966c]Na afloop van de scan, klik je op [b:a73373966c]Apply All Actions[/b:a73373966c].
[*:a73373966c]Wanneer je de melding krijgt [b:a73373966c]All actions have been applied[/b:a73373966c], klik je onderaan op de knop [b:a73373966c]Save Report[/b:a73373966c]. Het rapport van de scan wordt nu opgeslagen in de map Program Files\ewido anti-spyware 4.0\Reports.
Klik je daarna op de knop [b:a73373966c]Save report as[/b:a73373966c], dan krijg je de mogelijkheid om het rapportje op een andere plaats op te slaan. Sla het rapport op op een plaats waar je het gemakkelijk kunt terugvinden, bijv. je bureaublad.
[*:a73373966c]Sluit Ewido af.
[*:a73373966c]Kopieer het rapport van de scan en plaats dat hier in je volgende bericht.[/list:u:a73373966c]
Start opnieuw op en plaats een nieuw HJT logje aub.
Succes. - ———————————————————
ewido anti-spyware - Scan Report
———————————————————
+ Created at: 20:54:32 11-8-2006
+ Scan result:
:mozilla.10:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\rudi\Cookies\rudi@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\rudi\Cookies\rudi@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.67:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
C:\Documents and Settings\rudi\Cookies\rudi@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Administrator.HOME-Q4EO3HQCN0\Application Data\Mozilla\Firefox\Profiles\n6720auo.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\rudi\Application Data\Mozilla\Firefox\Profiles\i1fak8vw.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 21:00:52, on 11-8-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
F:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\HIJACKTHIS\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!ewido] "F:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AE1761A-2398-446A-BEC4-A56157D1EEFD}: NameServer = 194.119.228.67 193.74.208.135
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
Zie je verder nog iets dat moet verwijdert worden ????? - start ewido nogmaals en doe een scan, verwijder nu alles wat het vind.
Start daarna opnieuw op en ga naar > systeemherstel> instellingen> en zet je systeemherstel uit. Start weer opnieuw op en zet je systeemherstel dan weer aan, je systeem maakt automatisch een nieuw en nu schoon punt aan.
Succes - Thnx
Zit er anders niks meer tss wat nog verwijdert moet worden :roll: :roll:
Logfile of HijackThis v1.99.1
Scan saved at 7:49:08, on 12-8-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\Program Files\HIJACKTHIS\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AE1761A-2398-446A-BEC4-A56157D1EEFD}: NameServer = 194.119.228.67 193.74.208.135
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WBSrv - F:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe - Nee hoor, geen malware spyware oid volgens mij, had je het graag anders gezien?
- Nee hoor , zo is het goed , nu maar hopen dat het zo blijft :roll:
Thxn - [quote:91e4378b98="strangerke"]Nee hoor , zo is het goed , nu maar hopen dat het zo blijft :roll:
Thxn[/quote:91e4378b98]
heb je misschien nog wat aan deze beveiligstips - Is het mss ook beter om het resident shield bij ewido aan te zetten ?????
btw. spywareblaster & guard had ik op mijn vorige systeem ook staan , dit ben ik op mijn huidige systeem totaal vergeten te installeren . Thx om me eraan te herinneren :wink: - Heb ik geen ervaring mee, dus een zinnig antwoord kan ik daar niet echt op geven.
De tips nog niet gelezen verder? - tips heb ik gelezen , verschillende van deze tips doe ik zelf allang
Goeie virusscanner en firewall had ik al , dacht ik ?? - NOD32 is een prima scanner, welke firewall had je ook alweer.?
- Sygate , is toch ook een goeie , of niet ??
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.
Gerelateerde vragen
- URL zonder extensie wil niet helemaal lukken
- https verbinding met ssl in owncloud
- afspelen met audacity werkt niet goed
- Computer!Totaal-forum maakt plaats voor v&a-module
- computer start soms niet op
- Pro show gold 4 overgangen tussen tekstdia's
- wie kan mij meer vertellen over een Gigabyte GA-B85M-HD3
- Windows Tijdelijke bestanden