Vraag & Antwoord
Logfile of HijackThis graag checken
9 antwoorden
- Elke programma die ik start minimalistert ie en kan de Internet niet opstarten hij staat een andere startpagina ingesteld.
Logfile of HijackThis v1.99.1
Scan saved at 14:08:34, on 13-9-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Ahead\nero\nero.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Jevithan\Bureaublad\TAMIL° ZONE\Setup\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ipv6mons.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\eMule\Incoming\Internet Download Manager v5.03.02 Multilangages Incl-Crack\Crack\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\eMule\Incoming\Internet Download Manager v5.03.02 Multilangages Incl-Crack\Crack\IEExt.htm
O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152987549625
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_e.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing) - Nare infectie. Lid van de smitfraudfamilie.
[b:e8b42f597c]1.[/b:e8b42f597c] Download SmitfraudFix (van[b:e8b42f597c]S!Ri[/b:e8b42f597c]), en pak het uit op je bureaublad.
[b:e8b42f597c]2.[/b:e8b42f597c] Print onderstaande instrukties uit of kopieer ze naar een .txt bestand.
Dit, omdat de rest van de fix in veilige modus is en je hier dus niet meer kan terugzoeken.
[b:e8b42f597c]3.[/b:e8b42f597c] Start op in
[b:e8b42f597c]4.[/b:e8b42f597c] Open de map [b:e8b42f597c]smitfraudfix[/b:e8b42f597c] en dubbelklik op [b:e8b42f597c]smitfraudfix.cmd[/b:e8b42f597c]
[list:e8b42f597c]* Kies optie #2 - [b:e8b42f597c]Clean[/b:e8b42f597c] door[b:e8b42f597c]2[/b:e8b42f597c] te typen, en druk op "[b:e8b42f597c]Enter[/b:e8b42f597c]" om de
geïnfecteerde bestanden te verwijderen.
[i:e8b42f597c]Je zal een vraag krijgen: ""Registry cleaning - Do you want to clean the registry ?"[/i:e8b42f597c]
* Antwoord "yes" door [b:e8b42f597c]y[/b:e8b42f597c] te typen en druk op "Enter".
(Als je pc daarna niet herstart, start hem dan handmatig terug op in normale modus)
[i:e8b42f597c]Het tooltje zal nu onderzoeken of [b:e8b42f597c]wininet.dll[/b:e8b42f597c] geïnfecteerd is. Je kan dus de vraag krijgen of je
het geïnfecteerde bestandje wil vervangen.[/i:e8b42f597c]
*Antwoord dan "yes" door [b:e8b42f597c]y[/b:e8b42f597c] te typen en druk op "Enter".
[i:e8b42f597c]Het kan zijn dat het tooltje je pc opnieuw laat opstarten om zijn werk te kunnen afmaken.[/i:e8b42f597c]
* Als dat niet zo is, start je pc dan handmatig opnieuw op in normale modus.[/list:u:e8b42f597c]
[i:e8b42f597c]Er zal een tekstbestandje openen met de resultaten van de fix. [/i:e8b42f597c]
[b:e8b42f597c]5.[/b:e8b42f597c] Post de inhoud van dit bestandje in je volgende antwoord,
samen met een Hijackthis-logje. http://www.hijackthis.nl/forum/viewtopic.php?t=200
(Je kan het rapport ook vinden in c:\rapport.txt)
Succes - SmitFraudFix v2.87
Scan done at 10:50:14,25, do 14-09-2006
Run from C:\Documents and Settings\Jevithan\Bureaublad\SmitfraudFix
OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of HijackThis v1.99.1
Scan saved at 11:27:58, on 14-9-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare\AntiSpyWare.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare\AntiSpyWareControl.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare\AntiSpyWareGuard.exe
C:\Documents and Settings\Jevithan\Bureaublad\TAMIL° ZONE\Setup\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {DB397160-38CC-4391-8689-B62F0602A120} - C:\WINDOWS\system32\wmersNLD.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\eMule\Incoming\Internet Download Manager v5.03.02 Multilangages Incl-Crack\Crack\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\eMule\Incoming\Internet Download Manager v5.03.02 Multilangages Incl-Crack\Crack\IEExt.htm
O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152987549625
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: ,
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing) - en aub nog
Er zal een tekstbestandje openen met de resultaten van de fix.
5. Post de inhoud van dit bestandje in je volgende antwoord,
samen met een Hijackthis-logje. http://www.hijackthis.nl/forum/viewtopic.php?t=200
(Je kan het rapport ook vinden in c:\rapport.txt) - ow sorry ik heb de bericht weer gewerkt
- Niks aan de hand maar wil je een nieuw logje maken aub, en dan gewoon op nieuw antwoord klikken en dan het nieuwe logje toevoegen, dus eerdere berichten niet bewerken anders kom ik er niet meer uit.
eric - Logfile of HijackThis v1.99.1
Scan saved at 11:41:40, on 15-9-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\WWW File Share Pro\NTService.exe
C:\Program Files\WWW File Share Pro\WWWFileSharePro.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jevithan\Bureaublad\TAMIL° ZONE\Setup\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {DB397160-38CC-4391-8689-B62F0602A120} - C:\WINDOWS\system32\wmersNLD.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\eMule\Incoming\Internet Download Manager v5.03.02 Multilangages Incl-Crack\Crack\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\eMule\Incoming\Internet Download Manager v5.03.02 Multilangages Incl-Crack\Crack\IEExt.htm
O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152987549625
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: ,
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
Name: TrackingCookie.2o7
Path: C:\Documents and Settings\~~\Cookies\~~@2o7[2].txt
Risk: Medium
Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\~~\Cookies\~~@ad.yieldmanager[2].txt
Risk: Medium
Name: TrackingCookie.Clickhype
Path: C:\Documents and Settings\~~\Cookies\~~@ad1.clickhype[1].txt
Risk: Medium
Name: TrackingCookie.Adbrite
Path: C:\Documents and Settings\~~\Cookies\~~@adbrite[1].txt
Risk: Medium
Name: TrackingCookie.Pointroll
Path: C:\Documents and Settings\~~\Cookies\~~@ads.pointroll[2].txt
Risk: Medium
Name: TrackingCookie.Advertising
Path: C:\Documents and Settings\~~\Cookies\~~@advertising[1].txt
Risk: Medium
Name: TrackingCookie.Falkag
Path: C:\Documents and Settings\~~\Cookies\~~@as1.falkag[1].txt
Risk: Medium
Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\~~\Cookies\~~@atdmt[2].txt
Risk: Medium
Name: TrackingCookie.Goldenpalace
Path: C:\Documents and Settings\~~\Cookies\~~@banner.goldenpalace[2].txt
Risk: Medium
Name: TrackingCookie.Bluestreak
Path: C:\Documents and Settings\~~\Cookies\~~@bluestreak[2].txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\~~\Cookies\~~@bs.serving-sys[1].txt
Risk: Medium
Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\~~\Cookies\~~@burstnet[1].txt
Risk: Medium
Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\~~\Cookies\~~@burstnet[3].txt
Risk: Medium
Name: TrackingCookie.Casalemedia
Path: C:\Documents and Settings\~~\Cookies\~~@casalemedia[2].txt
Risk: Medium
Name: TrackingCookie.Clickhype
Path: C:\Documents and Settings\~~\Cookies\~~@clickhype[2].txt
Risk: Medium
Name: TrackingCookie.Com
Path: C:\Documents and Settings\~~\Cookies\~~@com[1].txt
Risk: Medium
Name: TrackingCookie.Sextracker
Path: C:\Documents and Settings\~~\Cookies\~~@counter11.sextracker[1].txt
Risk: Medium
Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\~~\Cookies\~~@doubleclick[1].txt
Risk: Medium
Name: TrackingCookie.Fastclick
Path: C:\Documents and Settings\~~\Cookies\~~@fastclick[1].txt
Risk: Medium
Name: TrackingCookie.Goldenpalace
Path: C:\Documents and Settings\~~\Cookies\~~@goldenpalace[1].txt
Risk: Medium
Name: TrackingCookie.Linksynergy
Path: C:\Documents and Settings\~~\Cookies\~~@linksynergy[1].txt
Risk: Medium
Name: TrackingCookie.Fastclick
Path: C:\Documents and Settings\~~\Cookies\~~@media.fastclick[2].txt
Risk: Medium
Name: TrackingCookie.Mediaplex
Path: C:\Documents and Settings\~~\Cookies\~~@mediaplex[1].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: C:\Documents and Settings\~~\Cookies\~~@microsofteup.112.2o7[1].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: C:\Documents and Settings\~~\Cookies\~~@msnaccountservices.112.2o7[1].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: C:\Documents and Settings\~~\Cookies\~~@msnportal.112.2o7[1].txt
Risk: Medium
Name: TrackingCookie.Revenue
Path: C:\Documents and Settings\~~\Cookies\~~@revenue[1].txt
Risk: Medium
Name: TrackingCookie.Liveperson
Path: C:\Documents and Settings\~~\Cookies\~~@server.iad.liveperson[2].txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\~~\Cookies\~~@serving-sys[2].txt
Risk: Medium
Name: TrackingCookie.Onestat
Path: C:\Documents and Settings\~~\Cookies\~~@stat.onestat[2].txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: C:\Documents and Settings\~~\Cookies\~~@statcounter[2].txt
Risk: Medium
Name: TrackingCookie.Webtrendslive
Path: C:\Documents and Settings\~~\Cookies\~~@statse.webtrendslive[2].txt
Risk: Medium
Name: TrackingCookie.Targetnet
Path: C:\Documents and Settings\~~\Cookies\~~@targetnet[2].txt
Risk: Medium
Name: TrackingCookie.Tradedoubler
Path: C:\Documents and Settings\~~\Cookies\~~@tradedoubler[1].txt
Risk: Medium
Name: TrackingCookie.Tribalfusion
Path: C:\Documents and Settings\~~\Cookies\~~@tribalfusion[2].txt
Risk: Medium
Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\~~\Cookies\~~@www.burstnet[1].txt
Risk: Medium
Name: Worm.Rays
Path: C:\Documents and Settings\~~\Bureaublad\~~° ZONE\=-=MusiC=-=\avataram mp3\avataram mp3.exe
Risk: High
Name: Trojan.Pakes
Path: C:\Documents and Settings\~~\Bureaublad\~~° ZONE\BURN\Google Earth Pro 3.0\Patch\Google Earth Pro - Patch.exe/THM_AV~1.EXE
Risk: High
Name: Trojan.Pakes
Path: C:\Documents and Settings\~~\Bureaublad\~~° ZONE\BURN\Google Earth Pro 3.0\Patch\Google Earth Pro - Patch.exe/THM_AV~1.EXE
Risk: High
Name: Downloader.Small.dnt
Path: C:\System Volume Information\_restore{E24F9E27-8706-41C3-B149-EEA89418E978}\RP78\A0031521.exe
Risk: High
Name: Downloader.Small.dnt
Path: C:\System Volume Information\_restore{E24F9E27-8706-41C3-B149-EEA89418E978}\RP78\A0031522.exe
Risk: High
Name: Downloader.Small.dnt
Path: C:\System Volume Information\_restore{E24F9E27-8706-41C3-B149-EEA89418E978}\RP78\A0031523.exe
Risk: High
Name: Downloader.Small.dnt
Path: C:\System Volume Information\_restore{E24F9E27-8706-41C3-B149-EEA89418E978}\RP78\A0031524.exe
Risk: High
Name: Trojan.Pakes
Path: C:\System Volume Information\_restore{E24F9E27-8706-41C3-B149-EEA89418E978}\RP87\A0035875.exe
Risk: High
Name: Trojan.Sinowal.aq
Path: C:\System Volume Information\_restore{E24F9E27-8706-41C3-B149-EEA89418E978}\RP90\A0036950.dll
Risk: High
Name: Trojan.Sinowal.aq
Path: C:\System Volume Information\_restore{E24F9E27-8706-41C3-B149-EEA89418E978}\RP90\A0036951.dll
Risk: High
Name: Trojan.Tanspy
Path: C:\System Volume Information\_restore{E24F9E27-8706-41C3-B149-EEA89418E978}\RP90\A0036954.dll
Risk: High
Name: Not-A-Virus.Downloader.Win32.WinFixer.o
Path: C:\WINDOWS\Downloaded Program Files\UWA6PM_0001_N91M2107NetInstaller.exe
Risk: Low
Name: Proxy.Mitglieder.ei
Path: C:\WINDOWS\system32\hldrrr.exe
Risk: High
Name: Downloader.Small.cgu
Path: C:\WINDOWS\system32\wmersNLD.dll
Risk: High - Download hier de tool voor mitglieder FK en run die in veilige modus: http://www.pandasoftware.com/download/utilities/
- Kan je meteen de link geven, ik heb problemen met inloggen.
Daarom meteen de waar ik meteen op me pc kan opslaan
Alvast bedankt voor de Reactie.
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.