
deejay117
Lid-
Items
21 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Alles dat geplaatst werd door deejay117
-
Ik krijg regelmatig een venster dat internet explorer niet meer werk in de invoegtoepassingen vind ik niets terug. Wat kan ik nog meer doen ?
-
Downloaden MP3-bestanden lukt niet (2)
deejay117 reageerde op deejay117's topic in Archief Internet & Netwerk
met firefox lukt het -
Downloaden MP3-bestanden lukt niet (2)
deejay117 reageerde op deejay117's topic in Archief Internet & Netwerk
Internet Explorer -
via google
-
Heb even een eigen onderwerp voor je geopend. Posten in het topic van een andere forumgebruiker leidt alleen maar tot misverstanden ik heb hetzelfde aan de hand op deze website tony www.mp3skull.com
-
hijacthislogje na kijken
deejay117 reageerde op deejay117's topic in Archief Bestrijding malware & virussen
Ok zal dit in orde brengen. Alvast bedankt voor de hulp. -
hijacthislogje na kijken
deejay117 reageerde op deejay117's topic in Archief Bestrijding malware & virussen
Nog een klein vraagje hoe verwijder ik combofix ? Als ik Combofix /u op deze desktop in typ en ok klik dan opent Combofix zich en begint te scannen in plaats dat het zich verwijderd. -
hijacthislogje na kijken
deejay117 reageerde op deejay117's topic in Archief Bestrijding malware & virussen
Ik krijg net je bericht aan ik heb mijn desktop binnen gedaan in de pc shop. Ik werk nu met mijn oude pc maar deze is mij zo traag geworden. Ik plaats hier ook nog even hijackthis log voor eens te controleren wat je ervan denkt als dat niet te veel gevraagd is. Alvast bedankt voor de hulp. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:06:45, on 23/11/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Norman\Npm\Bin\Elogsvc.exe C:\Program Files\Norman\Ngs\Bin\Nnf.exe C:\Program Files\Norman\Ngs\Bin\Nprosec.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norman\Npm\Bin\Zanda.exe C:\Program Files\Norman\npm\bin\nvoy.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Common Toolkit Suite\FighterSuiteService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Fighters\SPAMfighter\sfus.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe C:\Program Files\Norman\Npm\Bin\ZLH.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Fighters\SPAMfighter\sfagent.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\NotifyPhoneBook.exe C:\Program Files\Norman\Npm\Bin\scheduler.exe C:\Program Files\Norman\Npm\Bin\Njeeves.exe C:\Program Files\NETGEAR\WG111v3\WG111v3.exe C:\Program Files\Norman\Nse\Bin\NSESVC.EXE C:\Program Files\Norman\Nvc\Bin\nvcoas.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Norman\Nvc\Bin\Nip.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Norman\Nvc\Bin\cclaw.exe C:\Program Files\internet explorer\iexplore.exe C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Personal ID] C:\COOLSP~1\PERSON~1\PID.EXE O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Common Toolkit Service - SPAMfighter - C:\Program Files\Common Files\Common Toolkit Suite\FighterSuiteService.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Norman Network Filtering service (NNFSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nnf.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\Nse\Bin\NSESVC.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\Bin\nvcoas.exe O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing) O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\SPAMfighter\sfus.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 8068 bytes -
hijacthislogje na kijken
deejay117 reageerde op deejay117's topic in Archief Bestrijding malware & virussen
Krijg een venster waar op staat Bericht van webpagina. Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Succesful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the INternet connection is established. ERROR: License has expired -
hijacthislogje na kijken
deejay117 reageerde op deejay117's topic in Archief Bestrijding malware & virussen
c:\windows\system32\chg.exe is nergens te vinden. Ik start met de rest. -
hijacthislogje na kijken
deejay117 reageerde op deejay117's topic in Archief Bestrijding malware & virussen
Er opent ook een pagina waarna er een venster verschijnt met deze text. Warning Your computer is at risk of malware attacks. We recommend you to Check your system immediately. Press OK to start the proces now... Ik heb op ctrl alt geklikt en programma Security Analysis beeindigd. -
Ik ben hier terecht gekomen door google zoekfunctie en hoop hier geholpen te worden. Natuurlijk zal ik jullie ook een bijdrage storten jullie doen als ik geholpen ben voor wat hoort wat vind ik. Groetjes
-
hijacthislogje na kijken
deejay117 reageerde op deejay117's topic in Archief Bestrijding malware & virussen
Logbestand combofix: ComboFix 10-11-21.02 - Alain 22/11/2010 11:36:22.5.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3063.2218 [GMT 1:00] Gestart vanuit: c:\documents and settings\Alain\Bureaublad\ComboFix.exe AV: Norman Security Suite *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1} . (((((((((((((((((((( Bestanden Gemaakt van 2010-10-22 to 2010-11-22 )))))))))))))))))))))))))))))) . 2010-11-22 09:23 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-22 09:23 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-22 08:23 . 2010-11-22 09:19 118784 ----a-w- c:\windows\system32\chg.exe 2010-11-22 00:17 . 2010-11-22 00:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2010-11-21 21:02 . 2010-11-21 21:02 388096 ----a-r- c:\documents and settings\Alain\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-11-21 20:49 . 2010-11-21 20:49 -------- d-----w- c:\documents and settings\Alain\Application Data\Malwarebytes 2010-11-21 20:49 . 2010-11-22 09:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-20 20:18 . 2007-04-12 13:19 129024 ----a-w- c:\windows\system32\AVERM.dll 2010-11-20 20:18 . 2010-11-20 20:39 -------- d-----w- c:\program files\Ultra RM Converter 2010-11-20 19:54 . 2010-11-20 19:54 -------- d-----w- C:\Temp 2010-11-20 17:52 . 2010-11-20 17:52 8192 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll 2010-11-20 17:52 . 2010-11-20 17:52 -------- d-----w- c:\program files\Common Files\xing shared 2010-11-20 17:52 . 2010-11-20 17:52 144960 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll 2010-11-20 17:51 . 2010-11-20 17:52 94208 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll 2010-11-20 17:51 . 2010-11-20 17:51 -------- d-----w- c:\program files\Real 2010-11-20 17:48 . 2010-11-20 17:47 569397 ----a-w- c:\program files\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll 2010-11-20 15:37 . 2010-11-20 15:37 -------- d-----w- C:\RmConverterOutput 2010-11-20 14:03 . 2010-11-20 20:56 -------- d-----w- C:\OutputFolder 2010-11-20 13:29 . 2010-11-20 14:22 -------- d-----w- c:\program files\RM Converter 2010-11-20 13:12 . 2010-11-20 13:12 -------- d-----w- c:\documents and settings\Alain\Local Settings\Application Data\Real 2010-11-19 13:20 . 2010-11-22 10:26 -------- d--h--r- c:\documents and settings\Alain\Onlangs geopend 2010-11-19 08:09 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{EE1BB543-DE3A-4554-A3E6-8C8C8EB63BD8}\mpengine.dll 2010-11-18 17:42 . 2010-11-18 17:42 3888 ----a-w- c:\windows\system32\drivers\NTHANDLE.SYS 2010-11-08 12:11 . 2010-11-08 12:11 -------- d-----w- C:\OEMSettings 2010-11-08 11:36 . 2010-11-08 11:36 -------- d-----w- c:\windows\system32\wbem\Repository 2010-11-08 10:41 . 2010-11-08 10:41 -------- d--h--w- c:\documents and settings\All Users\Application Data\{69F69AB0-8485-4B45-A118-148977C1651A} 2010-11-06 20:03 . 2010-11-06 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters 2010-11-06 20:03 . 2010-11-08 10:41 -------- dc----w- c:\documents and settings\All Users\Application Data\{1BBDB15E-BE9E-4EEA-8849-CB176F3F62A4} 2010-11-01 16:34 . 2010-11-01 16:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth 2010-11-01 13:22 . 2010-11-01 13:56 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2010-11-01 13:22 . 2010-11-01 13:22 -------- d-----w- c:\program files\DVDVideoSoft 2010-10-23 17:36 . 2010-10-23 17:36 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-10-23 17:36 . 2010-10-23 17:36 -------- d-----w- c:\program files\NETGEAR 2010-10-23 17:32 . 2010-10-23 17:32 -------- d-----w- C:\C_DILLA 2010-10-23 17:32 . 2010-10-23 17:32 8864 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-20 17:51 . 2003-03-18 21:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-11-20 17:51 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-10-19 09:41 . 2010-01-21 04:04 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-10-07 23:21 . 2010-09-21 10:54 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2010-09-21 07:29 . 2010-09-21 07:29 73216 ----a-w- c:\windows\system32\drivers\pxrts.sys 2010-09-18 10:23 . 2006-03-02 02:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2006-03-02 02:00 974848 --sh--w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2006-03-02 02:00 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53 . 2006-03-02 02:00 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-15 10:10 . 2010-10-01 21:17 1700352 ----a-w- c:\windows\system32\GdiPlus.dll 2010-09-15 10:10 . 2010-10-01 21:17 24576 ----a-w- c:\windows\system32\msxml3a.dll 2010-09-10 05:52 . 2006-03-02 02:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:52 . 2006-03-02 02:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:52 . 2006-03-02 02:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-09-01 11:52 . 2006-03-02 02:00 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-09-01 07:57 . 2006-03-02 02:00 1852928 ----a-w- c:\windows\system32\win32k.sys 2010-08-27 08:03 . 2006-03-02 02:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2010-08-27 05:55 . 2006-03-02 02:00 99840 ----a-w- c:\windows\system32\srvsvc.dll 2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll 2010-08-26 13:39 . 2006-03-02 02:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys 2006-03-02 02:00 94784 --sh--w- c:\windows\twain.dll 2008-04-14 20:32 50688 --sh--w- c:\windows\twain_32.dll 2008-04-14 20:32 57344 --sh--w- c:\windows\system32\msvcirt.dll 2008-04-14 20:32 413696 --sha-w- c:\windows\system32\msvcp60.dll 2008-04-14 20:32 551936 --sh--w- c:\windows\system32\oleaut32.dll 2008-04-14 20:33 12288 --sh--w- c:\windows\system32\regsvr32.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "Personal ID"="c:\coolsp~1\PERSON~1\PID.EXE" [2009-03-04 1134008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016] "Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920] "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 61952] "RTHDCPL"="RTHDCPL.EXE" [2006-07-04 16250880] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288] "SDMSSplash"="c:\program files\HP_SDMS\SDMSSplash\launcher.exe" [2006-03-10 86016] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856] "Norman ZANDA"="c:\norman\Npm\Bin\ZLH.EXE" [2010-01-29 189824] "AME_CSA"="amecsa.cpl" [2002-10-30 757760] "sfagent"="c:\program files\Fighters\SPAMfighter\sfagent.exe" [2010-04-20 386696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-11-20 198160] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160] c:\documents and settings\Alain\Menu Start\Programma's\Opstarten\ SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-4-17 2326528] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2008-10-14 19:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-18 06:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 20:33 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] 2006-05-12 12:50 1138688 -c--a-w- c:\windows\SMINST\Recguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler] 2006-07-10 10:53 872448 ----a-w- c:\windows\SMINST\Scheduler.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server "3333:TCP"= 3333:TCP:Windows Media Format SDK (rmtoavimpeg.exe) R1 NGS;Norman General Security Driver;c:\norman\Ngs\Bin\ngs.sys [12/06/2010 14:11 26744] R1 NPROSEC;Norman Security driver;c:\norman\Ngs\Bin\nprosec.sys [12/06/2010 14:11 72392] R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [9/10/2007 12:13 38144] R2 NNFSVC;Norman Network Filtering service;c:\norman\Ngs\Bin\nnf.exe [12/06/2010 14:11 219904] R2 NPROSECSVC;Norman Security service;c:\norman\Ngs\Bin\nprosec.exe [12/06/2010 14:11 103016] R2 nregsec;Norman Registry Security driver;c:\norman\Ngs\Bin\nregsec.sys [12/06/2010 14:11 40384] R2 NVOY;Norman Resource Provider;c:\norman\npm\bin\nvoy.exe [12/06/2010 14:07 98776] R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [18/03/2008 0:35 540184] R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [21/09/2010 8:29 73216] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 18:19 13592] R3 nsesvc;Norman Scanner Engine Service;c:\norman\Nse\Bin\Nsesvc.exe [22/06/2010 13:24 282624] R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [12/06/2010 12:36 21832] R3 nvcoas;Norman Virus Control on-access component;c:\norman\NVC\Bin\Nvcoas.exe [14/09/2010 13:20 210248] R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [28/12/2007 14:02 287232] R3 Scheduler;Norman Scheduler Service;c:\norman\npm\bin\scheduler.exe [12/06/2010 14:07 133272] R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [21/01/2010 13:18 16896] S2 Common Toolkit Service;Common Toolkit Service;c:\program files\Common Files\Common Toolkit Suite\FighterSuiteService.exe [20/04/2010 11:37 684680] S2 Ndiskio;Ndiskio;\??\c:\docume~1\Alain\LOCALS~1\Temp\0000072d.nmc\nse\bin\ndiskio.sys --> c:\docume~1\Alain\LOCALS~1\Temp\0000072d.nmc\nse\bin\ndiskio.sys [?] S3 AmeAtmPc;AmeAtmPc;c:\windows\system32\drivers\ameatmpc.sys [21/03/2008 22:21 118391] S3 AtmElan;ATM geëmuleerde LAN;c:\windows\system32\drivers\atmlane.sys [2/03/2006 3:00 55808] S3 AtmLane;ATM LAN-emulatie;c:\windows\system32\drivers\atmlane.sys [2/03/2006 3:00 55808] S3 nvcfsr;nvcfsr;c:\norman\NVC\Bin\Nvcfsr.sys [12/06/2010 12:33 9032] S3 nvcoafl51;nvcoafl51;c:\norman\NVC\Bin\Nvcoafl51.sys [12/06/2010 12:33 32584] S3 nvcoaft51;nvcoaft51;c:\norman\NVC\Bin\Nvcoaft51.sys [12/06/2010 12:33 132168] S3 nvcoarc51;nvcoarc51;c:\norman\NVC\Bin\Nvcoarc51.sys [12/06/2010 12:33 25544] S3 NVCScheduler;Norman Virus Control Scheduler;c:\norman\Nvc\BIN\NVCSCHED.EXE --> c:\norman\Nvc\BIN\NVCSCHED.EXE [?] --- Andere Services/Drivers In Geheugen --- *Deregistered* - mchInjDrv . Inhoud van de 'Gedeelde Taken' map 2010-11-22 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Free YouTube to Mp3 Converter - c:\documents and settings\Alain\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm FF - ProfilePath - c:\documents and settings\Alain\Application Data\Mozilla\Firefox\Profiles\61ysi1se.default\ FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-11-22 11:40 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run Personal ID = c:\coolsp~1\PERSON~1\PID.EXE? scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|é•9~*] "3140711900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'explorer.exe'(2672) c:\norman\nvc\bin\Niphk.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2010-11-22 11:42:59 ComboFix-quarantined-files.txt 2010-11-22 10:42 ComboFix2.txt 2010-11-21 18:40 Pre-Run: 35.053.060.096 bytes beschikbaar Post-Run: 35.059.085.312 bytes beschikbaar - - End Of File - - 811DAB636E6F8D010628D7BF0CB40FD2 -
hijacthislogje na kijken
deejay117 reageerde op deejay117's topic in Archief Bestrijding malware & virussen
Als ik via google iets opzoek en ik klik dan op de pagina dan verschijnt er zo een andere pagina zoals hier boven. Soms krijg ik een ook pop up venster voor een scan uit te voeren maar en dat mijn pc besmet is maar dat laat ik niet toe. Zie afbeelding. -
hijacthislogje na kijken
deejay117 reageerde op deejay117's topic in Archief Bestrijding malware & virussen
Ja ik heb het nog steeds. -
hijacthislogje na kijken
deejay117 reageerde op deejay117's topic in Archief Bestrijding malware & virussen
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 5166 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 22/11/2010 10:38:18 mbam-log-2010-11-22 (10-38-18).txt Scantype: Snelle scan Objecten gescand: 154784 Verstreken tijd: 10 minuut/minuten, 4 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:39:49, on 22/11/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\Norman\Ngs\Bin\Nnf.exe C:\Norman\Ngs\Bin\Nprosec.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Norman\Npm\Bin\Zanda.exe C:\Norman\npm\bin\nvoy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\PDF Complete\pdfsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\PDF Complete\pdfsty.exe C:\Norman\Npm\Bin\ZLH.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\NotifyPhoneBook.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Norman\Npm\Bin\Njeeves.exe C:\Norman\Npm\Bin\scheduler.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Norman\Nse\bin\NSESVC.EXE C:\Program Files\NETGEAR\WG111v3\WG111v3.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Norman\Nvc\bin\nvcoas.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Norman\Nvc\Bin\Nip.exe C:\Norman\Nvc\Bin\cclaw.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchFilterHost.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe" O4 - HKLM\..\Run: [sDMSSplash] "C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" "launchdir=C:\Program Files\HP_SDMS\SDMSSplash" O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Personal ID] C:\COOLSP~1\PERSON~1\PID.EXE O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Alain\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205798740593 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205798774125 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Common Toolkit Service - SPAMfighter - C:\Program Files\Common Files\Common Toolkit Suite\FighterSuiteService.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Norman Network Filtering service (NNFSVC) - Norman ASA - C:\Norman\Ngs\Bin\Nnf.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\Bin\Njeeves.exe O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Norman\Ngs\Bin\Nprosec.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\Nse\bin\NSESVC.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing) O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Norman\Npm\Bin\scheduler.exe -- End of file - 11594 bytes -
Zou er iemand mijn hijackthis logje kunnen bekijken. Ik zit met vervelende internetpagina's die openen tijdens het surfen en die allemaal malware op mijn pc willen installeren. Alvast bedankt! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:27:57, on 21/11/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\Norman\Ngs\Bin\Nnf.exe C:\Norman\Ngs\Bin\Nprosec.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Norman\Npm\Bin\Zanda.exe C:\Norman\npm\bin\nvoy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\PDF Complete\pdfsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\alg.exe C:\Norman\Npm\Bin\scheduler.exe C:\Norman\Npm\Bin\Njeeves.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\PDF Complete\pdfsty.exe C:\Norman\Nse\bin\NSESVC.EXE C:\Norman\Npm\Bin\ZLH.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\NotifyPhoneBook.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\NETGEAR\WG111v3\WG111v3.exe C:\Norman\Nvc\bin\nvcoas.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Norman\Nvc\Bin\Nip.exe C:\Norman\Nvc\Bin\cclaw.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\SearchFilterHost.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe" O4 - HKLM\..\Run: [sDMSSplash] "C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" "launchdir=C:\Program Files\HP_SDMS\SDMSSplash" O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Personal ID] C:\COOLSP~1\PERSON~1\PID.EXE O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Alain\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205798740593 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205798774125 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Common Toolkit Service - SPAMfighter - C:\Program Files\Common Files\Common Toolkit Suite\FighterSuiteService.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Norman Network Filtering service (NNFSVC) - Norman ASA - C:\Norman\Ngs\Bin\Nnf.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\Bin\Njeeves.exe O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Norman\Ngs\Bin\Nprosec.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\Nse\bin\NSESVC.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing) O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing) O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Norman\Npm\Bin\scheduler.exe -- End of file - 11796 bytes
-
Zolals ik al zeg lukte HostsXpert niet en gaf deze melding: Your HOSTS file is marked as a 'system file' and can NOT be manipulated. Press OK to remove the system file attribute, CANCEL to Quit. HostXpert wil Not reset these attributes. Als ik op ok klik krijk ik deze melding. Your HOSTS file is marked as a 'Hidden file' and can NOT be manipulated. Press OK to remove the system file attribute, CANCEL to Quit. HostXpert wil Not reset these attributes. Dan klik in terug op ok. Nu komen al die url's zoals google.ae enz... Ik klik nu op restore MS Hosts File. Nu komt er een venster Press OK TO Restore Microsoft original Hosts File. Ik klik op ok. Nu verschijnt er ERROR: Cannot create file C:/Windows/system32/DRIVERS/ETC/hosts Ik klik terug op ok en programma sluit af. ------------------------------------------------------------------ Wat heb ik nu uiteindelijk gedaan. Start uitvoeren C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS En bij deze computer windows C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS gezocht. Bij start uitvoeren stonden dus al de hosts. Bij het andere c was het normaal. Ik ben dan naar instellingen configuratiescherm gegaan mapopties en verborgen bestanden weergeven. Toen zag ik in de map C:\WINDOWS\SYSTEM32\DRIVERS\ETC\ 2 keer HOSTS staan. Ik heb Host syteem verwijderd. Even nog eens op start uitvoeren C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS en die vond niets meer. Dus de pc herstart en ja als ik nu start uitvoeren C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS in geef dan staat er dit. # Copyright © 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a "#" symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # 127.0.0.1 localhost Dus dit probleem is denk ik in orde.
-
Als ik start klik uitvoeren en dan C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS dan kan ik openen met kladblok. 127.0.0.1 localhost 74.125.45.100 4-open-davinci.com 74.125.45.100 securitysoftwarepayments.com 74.125.45.100 privatesecuredpayments.com 74.125.45.100 secure.privatesecuredpayments.com 74.125.45.100 getantivirusplusnow.com 74.125.45.100 secure-plus-payments.com 74.125.45.100 www.getantivirusplusnow.com 74.125.45.100 www.secure-plus-payments.com 74.125.45.100 www.getavplusnow.com 74.125.45.100 safebrowsing-cache.google.com 74.125.45.100 urs.microsoft.com 74.125.45.100 www.securesoftwarebill.com 74.125.45.100 secure.paysecuresystem.com 74.125.45.100 paysoftbillsolution.com 74.125.45.100 protected.maxisoftwaremart.com 89.248.168.186 google.ae 89.248.168.186 google.as 89.248.168.186 google.at 89.248.168.186 google.az 89.248.168.186 google.ba 89.248.168.186 google.be 89.248.168.186 google.bg 89.248.168.186 google.bs 89.248.168.186 google.ca 89.248.168.186 google.cd 89.248.168.186 google.com.gh 89.248.168.186 google.com.hk 89.248.168.186 google.com.jm 89.248.168.186 google.com.mx 89.248.168.186 google.com.my 89.248.168.186 google.com.na 89.248.168.186 google.com.nf 89.248.168.186 google.com.ng 89.248.168.186 google.ch 89.248.168.186 google.com.np 89.248.168.186 google.com.pr 89.248.168.186 google.com.qa 89.248.168.186 google.com.sg 89.248.168.186 google.com.tj 89.248.168.186 google.com.tw 89.248.168.186 google.dj 89.248.168.186 google.de 89.248.168.186 google.dk 89.248.168.186 google.dm 89.248.168.186 google.ee 89.248.168.186 google.fi 89.248.168.186 google.fm 89.248.168.186 google.fr 89.248.168.186 google.ge 89.248.168.186 google.gg 89.248.168.186 google.gm 89.248.168.186 google.gr 89.248.168.186 google.ht 89.248.168.186 google.ie 89.248.168.186 google.im 89.248.168.186 google.in 89.248.168.186 google.it 89.248.168.186 google.ki 89.248.168.186 google.la 89.248.168.186 google.li 89.248.168.186 google.lv 89.248.168.186 google.ma 89.248.168.186 google.ms 89.248.168.186 google.mu 89.248.168.186 google.mw 89.248.168.186 google.nl 89.248.168.186 google.no 89.248.168.186 google.nr 89.248.168.186 google.nu 89.248.168.186 google.pl 89.248.168.186 google.pn 89.248.168.186 google.pt 89.248.168.186 google.ro 89.248.168.186 google.ru 89.248.168.186 google.rw 89.248.168.186 google.sc 89.248.168.186 google.se 89.248.168.186 google.sh 89.248.168.186 google.si 89.248.168.186 google.sm 89.248.168.186 google.sn 89.248.168.186 google.st 89.248.168.186 google.tl 89.248.168.186 google.tm 89.248.168.186 google.tt 89.248.168.186 google.us 89.248.168.186 google.vu 89.248.168.186 google.ws 89.248.168.186 google.co.ck 89.248.168.186 google.co.id 89.248.168.186 google.co.il 89.248.168.186 google.co.in 89.248.168.186 google.co.jp 89.248.168.186 google.co.kr 89.248.168.186 google.co.ls 89.248.168.186 google.co.ma 89.248.168.186 google.co.nz 89.248.168.186 google.co.tz 89.248.168.186 google.co.ug 89.248.168.186 google.co.uk 89.248.168.186 google.co.za 89.248.168.186 google.co.zm 89.248.168.186 google.com 89.248.168.186 google.com.af 89.248.168.186 google.com.ag 89.248.168.186 google.com.ar 89.248.168.186 google.com.au 89.248.168.186 google.com.bn 89.248.168.186 google.com.br 89.248.168.186 google.com.by 89.248.168.186 google.com.bz 89.248.168.186 google.com.cu 89.248.168.186 google.com.ec 89.248.168.186 google.com.fj 89.248.168.186 www.google.ae 89.248.168.186 www.google.as 89.248.168.186 www.google.at 89.248.168.186 www.google.az 89.248.168.186 www.google.ba 89.248.168.186 www.google.be 89.248.168.186 www.google.bg 89.248.168.186 www.google.bs 89.248.168.186 www.google.ca 89.248.168.186 www.google.cd 89.248.168.186 www.google.com.gh 89.248.168.186 www.google.com.hk 89.248.168.186 www.google.com.jm 89.248.168.186 www.google.com.mx 89.248.168.186 www.google.com.my 89.248.168.186 www.google.com.na 89.248.168.186 www.google.com.nf 89.248.168.186 www.google.com.ng 89.248.168.186 www.google.ch 89.248.168.186 www.google.com.np 89.248.168.186 www.google.com.pr 89.248.168.186 www.google.com.qa 89.248.168.186 www.google.com.sg 89.248.168.186 www.google.com.tj 89.248.168.186 www.google.com.tw 89.248.168.186 www.google.dj 89.248.168.186 www.google.de 89.248.168.186 www.google.dk 89.248.168.186 www.google.dm 89.248.168.186 www.google.ee 89.248.168.186 www.google.fi 89.248.168.186 www.google.fm 89.248.168.186 www.google.fr 89.248.168.186 www.google.ge 89.248.168.186 www.google.gg 89.248.168.186 www.google.gm 89.248.168.186 www.google.gr 89.248.168.186 www.google.ht 89.248.168.186 www.google.ie 89.248.168.186 www.google.im 89.248.168.186 www.google.in 89.248.168.186 www.google.it 89.248.168.186 www.google.ki 89.248.168.186 www.google.la 89.248.168.186 www.google.li 89.248.168.186 www.google.lv 89.248.168.186 www.google.ma 89.248.168.186 www.google.ms 89.248.168.186 www.google.mu 89.248.168.186 www.google.mw 89.248.168.186 www.google.nl 89.248.168.186 www.google.no 89.248.168.186 www.google.nr 89.248.168.186 www.google.nu 89.248.168.186 www.google.pl 89.248.168.186 www.google.pn 89.248.168.186 www.google.pt 89.248.168.186 www.google.ro 89.248.168.186 www.google.ru 89.248.168.186 www.google.rw 89.248.168.186 www.google.sc 89.248.168.186 www.google.se 89.248.168.186 www.google.sh 89.248.168.186 www.google.si 89.248.168.186 www.google.sm 89.248.168.186 www.google.sn 89.248.168.186 www.google.st 89.248.168.186 www.google.tl 89.248.168.186 www.google.tm 89.248.168.186 www.google.tt 89.248.168.186 www.google.us 89.248.168.186 www.google.vu 89.248.168.186 www.google.ws 89.248.168.186 www.google.co.ck 89.248.168.186 www.google.co.id 89.248.168.186 www.google.co.il 89.248.168.186 www.google.co.in 89.248.168.186 www.google.co.jp 89.248.168.186 www.google.co.kr 89.248.168.186 www.google.co.ls 89.248.168.186 www.google.co.ma 89.248.168.186 www.google.co.nz 89.248.168.186 www.google.co.tz 89.248.168.186 www.google.co.ug 89.248.168.186 www.google.co.uk 89.248.168.186 www.google.co.za 89.248.168.186 www.google.co.zm 89.248.168.186 www.google.com 89.248.168.186 www.google.com.af 89.248.168.186 www.google.com.ag 89.248.168.186 www.google.com.ar 89.248.168.186 www.google.com.au 89.248.168.186 www.google.com.bn 89.248.168.186 www.google.com.br 89.248.168.186 www.google.com.by 89.248.168.186 www.google.com.bz 89.248.168.186 www.google.com.cu 89.248.168.186 www.google.com.ec 89.248.168.186 www.google.com.fj 89.248.168.186 google.com 89.248.168.186 www.google.com 89.248.168.186 bing.com 89.248.168.186 www.bing.com 89.248.168.186 search.yahoo.com 89.248.168.186 www.search.yahoo.com 89.248.168.186 search.live.com 89.248.168.186 search.msn.com Als ik deze url adressen verwijder en op opslaan klik dan komt er dit scherm. Kan het bestand :\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS niet maken. Controleer of het juiste pand en de juiste bestandsnaam zijn ingevoerd. Als ik de map manueel ga opzoeken daar staan deze url adressen niet in. Hoe kan dit ??? ---------- Post toegevoegd om 01:13 ---------- Vorige post was om 01:13 ---------- Als ik start klik uitvoeren en dan C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS dan kan ik openen met kladblok. 127.0.0.1 localhost 74.125.45.100 4-open-davinci.com 74.125.45.100 securitysoftwarepayments.com 74.125.45.100 privatesecuredpayments.com 74.125.45.100 secure.privatesecuredpayments.com 74.125.45.100 getantivirusplusnow.com 74.125.45.100 secure-plus-payments.com 74.125.45.100 www.getantivirusplusnow.com 74.125.45.100 www.secure-plus-payments.com 74.125.45.100 www.getavplusnow.com 74.125.45.100 safebrowsing-cache.google.com 74.125.45.100 urs.microsoft.com 74.125.45.100 www.securesoftwarebill.com 74.125.45.100 secure.paysecuresystem.com 74.125.45.100 paysoftbillsolution.com 74.125.45.100 protected.maxisoftwaremart.com 89.248.168.186 google.ae 89.248.168.186 google.as 89.248.168.186 google.at 89.248.168.186 google.az 89.248.168.186 google.ba 89.248.168.186 google.be 89.248.168.186 google.bg 89.248.168.186 google.bs 89.248.168.186 google.ca 89.248.168.186 google.cd 89.248.168.186 google.com.gh 89.248.168.186 google.com.hk 89.248.168.186 google.com.jm 89.248.168.186 google.com.mx 89.248.168.186 google.com.my 89.248.168.186 google.com.na 89.248.168.186 google.com.nf 89.248.168.186 google.com.ng 89.248.168.186 google.ch 89.248.168.186 google.com.np 89.248.168.186 google.com.pr 89.248.168.186 google.com.qa 89.248.168.186 google.com.sg 89.248.168.186 google.com.tj 89.248.168.186 google.com.tw 89.248.168.186 google.dj 89.248.168.186 google.de 89.248.168.186 google.dk 89.248.168.186 google.dm 89.248.168.186 google.ee 89.248.168.186 google.fi 89.248.168.186 google.fm 89.248.168.186 google.fr 89.248.168.186 google.ge 89.248.168.186 google.gg 89.248.168.186 google.gm 89.248.168.186 google.gr 89.248.168.186 google.ht 89.248.168.186 google.ie 89.248.168.186 google.im 89.248.168.186 google.in 89.248.168.186 google.it 89.248.168.186 google.ki 89.248.168.186 google.la 89.248.168.186 google.li 89.248.168.186 google.lv 89.248.168.186 google.ma 89.248.168.186 google.ms 89.248.168.186 google.mu 89.248.168.186 google.mw 89.248.168.186 google.nl 89.248.168.186 google.no 89.248.168.186 google.nr 89.248.168.186 google.nu 89.248.168.186 google.pl 89.248.168.186 google.pn 89.248.168.186 google.pt 89.248.168.186 google.ro 89.248.168.186 google.ru 89.248.168.186 google.rw 89.248.168.186 google.sc 89.248.168.186 google.se 89.248.168.186 google.sh 89.248.168.186 google.si 89.248.168.186 google.sm 89.248.168.186 google.sn 89.248.168.186 google.st 89.248.168.186 google.tl 89.248.168.186 google.tm 89.248.168.186 google.tt 89.248.168.186 google.us 89.248.168.186 google.vu 89.248.168.186 google.ws 89.248.168.186 google.co.ck 89.248.168.186 google.co.id 89.248.168.186 google.co.il 89.248.168.186 google.co.in 89.248.168.186 google.co.jp 89.248.168.186 google.co.kr 89.248.168.186 google.co.ls 89.248.168.186 google.co.ma 89.248.168.186 google.co.nz 89.248.168.186 google.co.tz 89.248.168.186 google.co.ug 89.248.168.186 google.co.uk 89.248.168.186 google.co.za 89.248.168.186 google.co.zm 89.248.168.186 google.com 89.248.168.186 google.com.af 89.248.168.186 google.com.ag 89.248.168.186 google.com.ar 89.248.168.186 google.com.au 89.248.168.186 google.com.bn 89.248.168.186 google.com.br 89.248.168.186 google.com.by 89.248.168.186 google.com.bz 89.248.168.186 google.com.cu 89.248.168.186 google.com.ec 89.248.168.186 google.com.fj 89.248.168.186 www.google.ae 89.248.168.186 www.google.as 89.248.168.186 www.google.at 89.248.168.186 www.google.az 89.248.168.186 www.google.ba 89.248.168.186 www.google.be 89.248.168.186 www.google.bg 89.248.168.186 www.google.bs 89.248.168.186 www.google.ca 89.248.168.186 www.google.cd 89.248.168.186 www.google.com.gh 89.248.168.186 www.google.com.hk 89.248.168.186 www.google.com.jm 89.248.168.186 www.google.com.mx 89.248.168.186 www.google.com.my 89.248.168.186 www.google.com.na 89.248.168.186 www.google.com.nf 89.248.168.186 www.google.com.ng 89.248.168.186 www.google.ch 89.248.168.186 www.google.com.np 89.248.168.186 www.google.com.pr 89.248.168.186 www.google.com.qa 89.248.168.186 www.google.com.sg 89.248.168.186 www.google.com.tj 89.248.168.186 www.google.com.tw 89.248.168.186 www.google.dj 89.248.168.186 www.google.de 89.248.168.186 www.google.dk 89.248.168.186 www.google.dm 89.248.168.186 www.google.ee 89.248.168.186 www.google.fi 89.248.168.186 www.google.fm 89.248.168.186 www.google.fr 89.248.168.186 www.google.ge 89.248.168.186 www.google.gg 89.248.168.186 www.google.gm 89.248.168.186 www.google.gr 89.248.168.186 www.google.ht 89.248.168.186 www.google.ie 89.248.168.186 www.google.im 89.248.168.186 www.google.in 89.248.168.186 www.google.it 89.248.168.186 www.google.ki 89.248.168.186 www.google.la 89.248.168.186 www.google.li 89.248.168.186 www.google.lv 89.248.168.186 www.google.ma 89.248.168.186 www.google.ms 89.248.168.186 www.google.mu 89.248.168.186 www.google.mw 89.248.168.186 www.google.nl 89.248.168.186 www.google.no 89.248.168.186 www.google.nr 89.248.168.186 www.google.nu 89.248.168.186 www.google.pl 89.248.168.186 www.google.pn 89.248.168.186 www.google.pt 89.248.168.186 www.google.ro 89.248.168.186 www.google.ru 89.248.168.186 www.google.rw 89.248.168.186 www.google.sc 89.248.168.186 www.google.se 89.248.168.186 www.google.sh 89.248.168.186 www.google.si 89.248.168.186 www.google.sm 89.248.168.186 www.google.sn 89.248.168.186 www.google.st 89.248.168.186 www.google.tl 89.248.168.186 www.google.tm 89.248.168.186 www.google.tt 89.248.168.186 www.google.us 89.248.168.186 www.google.vu 89.248.168.186 www.google.ws 89.248.168.186 www.google.co.ck 89.248.168.186 www.google.co.id 89.248.168.186 www.google.co.il 89.248.168.186 www.google.co.in 89.248.168.186 www.google.co.jp 89.248.168.186 www.google.co.kr 89.248.168.186 www.google.co.ls 89.248.168.186 www.google.co.ma 89.248.168.186 www.google.co.nz 89.248.168.186 www.google.co.tz 89.248.168.186 www.google.co.ug 89.248.168.186 www.google.co.uk 89.248.168.186 www.google.co.za 89.248.168.186 www.google.co.zm 89.248.168.186 www.google.com 89.248.168.186 www.google.com.af 89.248.168.186 www.google.com.ag 89.248.168.186 www.google.com.ar 89.248.168.186 www.google.com.au 89.248.168.186 www.google.com.bn 89.248.168.186 www.google.com.br 89.248.168.186 www.google.com.by 89.248.168.186 www.google.com.bz 89.248.168.186 www.google.com.cu 89.248.168.186 www.google.com.ec 89.248.168.186 www.google.com.fj 89.248.168.186 google.com 89.248.168.186 www.google.com 89.248.168.186 bing.com 89.248.168.186 www.bing.com 89.248.168.186 search.yahoo.com 89.248.168.186 www.search.yahoo.com 89.248.168.186 search.live.com 89.248.168.186 search.msn.com Als ik deze url adressen verwijder en op opslaan klik dan komt er dit scherm. Kan het bestand :\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS niet maken. Controleer of het juiste pand en de juiste bestandsnaam zijn ingevoerd. Als ik de map manueel ga opzoeken daar staan deze url adressen niet in.
-
Stap 1 Hijackthis verwijderd. Stap 2 lukt niet. HostsXpert geeft deze melding: Your HOSTS file is marked as a 'system file' and can NOT be manipulated. Press OK to remove the system file attribute, CANCEL to Quit. HostXpert wil Not reset these attributes. Als ik op ok klik krijk ik deze melding. Your HOSTS file is marked as a 'Hidden file' and can NOT be manipulated. Press OK to remove the system file attribute, CANCEL to Quit. HostXpert wil Not reset these attributes. Dan klik in terug op ok. Nu komen al die url's zoals google.ae enz... Ik klik nu op restore MS Hosts File. Nu komt er een venster Press OK TO Restore Microsoft original Hosts File. Ik klik op ok. Nu verschijnt er ERROR: Cannot create file C:/Windows/system32/DRIVERS/ETC/hosts Ik klik terug op ok en programma sluit af.
-
Het programma System Defender heeft mijn pc besmet. Hijackthis log. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:06:17 , on 9/12/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16945) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Norman\Npm\Bin\eLogsvc.exe C:\Program Files\Norman\Ngs\Bin\Nprosec.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norman\Npm\Bin\Zanda.exe C:\Program Files\Norman\npm\bin\nvoy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Norman\Npm\Bin\ZLH.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE C:\Program Files\Norman\Npm\Bin\scheduler.exe C:\Program Files\Norman\Npm\Bin\Njeeves.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Norman\nse\bin\NSESVC.EXE C:\Program Files\Norman\Nvc\bin\nvcoas.exe C:\Program Files\Norman\Nvc\Bin\Nip.exe C:\Program Files\Norman\Nvc\Bin\cclaw.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O1 - Hosts: 74.125.45.100 4-open-davinci.com O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com O1 - Hosts: 74.125.45.100 privatesecuredpayments.com O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getavplusnow.com O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com O1 - Hosts: 74.125.45.100 urs.microsoft.com O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 74.125.45.100 paysoftbillsolution.com O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com O1 - Hosts: 89.248.168.186 google.ae O1 - Hosts: 89.248.168.186 google.as O1 - Hosts: 89.248.168.186 google.at O1 - Hosts: 89.248.168.186 google.az O1 - Hosts: 89.248.168.186 google.ba O1 - Hosts: 89.248.168.186 google.be O1 - Hosts: 89.248.168.186 google.bg O1 - Hosts: 89.248.168.186 google.bs O1 - Hosts: 89.248.168.186 google.ca O1 - Hosts: 89.248.168.186 google.cd O1 - Hosts: 89.248.168.186 google.com.gh O1 - Hosts: 89.248.168.186 google.com.hk O1 - Hosts: 89.248.168.186 google.com.jm O1 - Hosts: 89.248.168.186 google.com.mx O1 - Hosts: 89.248.168.186 google.com.my O1 - Hosts: 89.248.168.186 google.com.na O1 - Hosts: 89.248.168.186 google.com.nf O1 - Hosts: 89.248.168.186 google.com.ng O1 - Hosts: 89.248.168.186 google.ch O1 - Hosts: 89.248.168.186 google.com.np O1 - Hosts: 89.248.168.186 google.com.pr O1 - Hosts: 89.248.168.186 google.com.qa O1 - Hosts: 89.248.168.186 google.com.sg O1 - Hosts: 89.248.168.186 google.com.tj O1 - Hosts: 89.248.168.186 google.com.tw O1 - Hosts: 89.248.168.186 google.dj O1 - Hosts: 89.248.168.186 google.de O1 - Hosts: 89.248.168.186 google.dk O1 - Hosts: 89.248.168.186 google.dm O1 - Hosts: 89.248.168.186 google.ee O1 - Hosts: 89.248.168.186 google.fi O1 - Hosts: 89.248.168.186 google.fm O1 - Hosts: 89.248.168.186 google.fr O1 - Hosts: 89.248.168.186 google.ge O1 - Hosts: 89.248.168.186 google.gg O1 - Hosts: 89.248.168.186 google.gm O1 - Hosts: 89.248.168.186 google.gr O1 - Hosts: 89.248.168.186 google.ht O1 - Hosts: 89.248.168.186 google.ie O1 - Hosts: 89.248.168.186 google.im O1 - Hosts: 89.248.168.186 google.in O1 - Hosts: 89.248.168.186 google.it O1 - Hosts: 89.248.168.186 google.ki O1 - Hosts: 89.248.168.186 google.la O1 - Hosts: 89.248.168.186 google.li O1 - Hosts: 89.248.168.186 google.lv O1 - Hosts: 89.248.168.186 google.ma O1 - Hosts: 89.248.168.186 google.ms O1 - Hosts: 89.248.168.186 google.mu O1 - Hosts: 89.248.168.186 google.mw O1 - Hosts: 89.248.168.186 google.nl O1 - Hosts: 89.248.168.186 google.no O1 - Hosts: 89.248.168.186 google.nr O1 - Hosts: 89.248.168.186 google.nu O1 - Hosts: 89.248.168.186 google.pl O1 - Hosts: 89.248.168.186 google.pn O1 - Hosts: 89.248.168.186 google.pt O1 - Hosts: 89.248.168.186 google.ro O1 - Hosts: 89.248.168.186 google.ru O1 - Hosts: 89.248.168.186 google.rw O1 - Hosts: 89.248.168.186 google.sc O1 - Hosts: 89.248.168.186 google.se O1 - Hosts: 89.248.168.186 google.sh O1 - Hosts: 89.248.168.186 google.si O1 - Hosts: 89.248.168.186 google.sm O1 - Hosts: 89.248.168.186 google.sn O1 - Hosts: 89.248.168.186 google.st O1 - Hosts: 89.248.168.186 google.tl O1 - Hosts: 89.248.168.186 google.tm O1 - Hosts: 89.248.168.186 google.tt O1 - Hosts: 89.248.168.186 google.us O1 - Hosts: 89.248.168.186 google.vu O1 - Hosts: 89.248.168.186 google.ws O1 - Hosts: 89.248.168.186 google.co.ck O1 - Hosts: 89.248.168.186 google.co.id O1 - Hosts: 89.248.168.186 google.co.il O1 - Hosts: 89.248.168.186 google.co.in O1 - Hosts: 89.248.168.186 google.co.jp O1 - Hosts: 89.248.168.186 google.co.kr O1 - Hosts: 89.248.168.186 google.co.ls O1 - Hosts: 89.248.168.186 google.co.ma O1 - Hosts: 89.248.168.186 google.co.nz O1 - Hosts: 89.248.168.186 google.co.tz O1 - Hosts: 89.248.168.186 google.co.ug O1 - Hosts: 89.248.168.186 google.co.uk O1 - Hosts: 89.248.168.186 google.co.za O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: ADSL USB Modem Connection.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.eurosys.be/ O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - HouseCall - Free Virus Scan O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198954035578 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5251/mcfscan.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2060CA14-690D-41A0-AE10-2DB9660A24AB}: NameServer = 195.238.2.21 195.238.2.22 O17 - HKLM\System\CS2\Services\Tcpip\..\{2060CA14-690D-41A0-AE10-2DB9660A24AB}: NameServer = 195.238.2.21 195.238.2.22 O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe O23 - Service: Google Updateservice (gupdate1c9b3aaa14cd8b0) (gupdate1c9b3aaa14cd8b0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Program Files\Norman\Npm\Bin\Nvcsched.exe (file missing) O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe -- End of file - 11049 bytes

OVER ONS
PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!