security alert

About virus scanners, viruses, worms, trojans, firewalls and more.

Moderator: MandersOnline

pluut
300+ Poster
Posts: 322
Joined: Mon 21 Aug 2006, 9:52
Location: Groningen

Post by pluut »

Since this afternoon I have been getting a yellow triangle icon in the bottom right of the taskbar on my laptop with the message "security alert", and it blinks the whole time. It is not installed. Then each time a site from protection center opens, then on the right again a message of "spyware found", and so it goes on.
I wouldn't know how to get rid of this. Can anyone help me?
MandersOnline
Manders Online
Posts: 23687
Joined: Sun 03 Aug 2003, 1:12
Location: Amsterdam

Post by MandersOnline »

First of all I would like to ask you to run an online scan on your PC; you may have some serious junk on your PC.

A HijackThis log would also be welcome.
Feel free to also visit the website https://mandersonline.nl

Post by pluut »

I noticed all at once that there was junk on it, while I didn't even have a website open,
so here is my HijackThis file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:27, on 19-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\PSIService.exe
C:\Windows\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\Fonts\svchost.exe
C:\Windows\Fonts\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\MSNmsgr.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IExpLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Se ... ftPane.htm
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\Windows\system32\uieraqyb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Host Process] C:\Windows\Fonts\svchost.exe
O4 - HKLM\..\Run: [cc1a121c] rundll32.exe "C:\Windows\system32\sewynxoi.dll",b
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSNmsgr] "C:\Program Files\MSN Messenger\MSNmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Exporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Windows\system32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Windows\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\XPnetdiag.exe
O9 - Extra 'Tools' menuitem: @XPsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\XPnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - http://cache.hyvz.com/statics/Aurigma/I ... oader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O20 - AppInit_DLLs: C:\Windows\system32\__c00416A1.dat
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8655 bytes

I also did an online scan with ewido and clicked on remove files, without result.
I hope you can help me get this off the PC.
ewido log:
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Netflame
Path: C:\Documents and Settings\Magriet\Cookies\magriet@ssl-hints.netflame[1].txt
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\WR
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1
Risk: Medium

Name: Downloader.ConHook.hl
Path: [684] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [756] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [984] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [1068] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [1112] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [1324] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [1404] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [1824] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [520] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [1208] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [1572] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [1752] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [2012] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [476] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [1956] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [844] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [1252] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [1444] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [1612] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.Agent.emo
Path: [824] C:\Windows\mrofinu1188.exe
Risk: High

Name: Downloader.ConHook.hl
Path: [2176] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [2260] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [2404] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [2440] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [2536] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [2576] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [2604] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [2628] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.Agent.emo
Path: [3128] C:\Windows\17PHolmes1188.exe
Risk: High

Name: Downloader.ConHook.hl
Path: [2000] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [3004] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: [3752] C:\Windows\system32\__c00416A1.dat
Risk: High

Name: Downloader.ConHook.hl
Path: C:\WINDOWS\system32\kkeqipng.dll
Risk: High

Name: Downloader.ConHook.hl
Path: C:\WINDOWS\system32\__c00416A1.dat
Risk: High

Post by MandersOnline »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:27, on 19-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal


O4 - HKLM\..\Run: [Host Process] C:\Windows\Fonts\svchost.exe
O4 - HKLM\..\Run: [cc1a121c] rundll32.exe "C:\Windows\system32\sewynxoi.dll",b
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"

O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O20 - AppInit_DLLs: C:\Windows\system32\__c00416A1.dat
You can go ahead and remove that, and what Ewido reported you can delete right away...

Post by pluut »

Thank you very much for the help, you have saved me again.

Post by MandersOnline »

Ahhh, so I am the rescuer in time of need, hahaha :D