View full version : Virtuall.dll



Bartmen
12 July 2006, 22:12
Hello

Does anyone know how I can remove the trojan virtuallDNS.dll?
It is located at c:\windows\virtualDNS.dll
Quick help would be appreciated :lol:

Regards

Martijnc
12 July 2006, 22:37
Download and install Ewido Anti-Spyware 4.0 (http://www.ewido.net/en/download/).
Start Ewido.
Next to "Resident Shield", click "change state" so that "active" changes to "inactive".
Next to "Automatic updates", click "change state" so that "active" changes to "inactive".
(Ignore the "Your computer is at risk" message that Ewido now shows.)
In the menu at the top, click Update and then click the Start Update button. Wait until the updates have been downloaded.
In the menu at the top, click Scanner and choose Settings.
- Under "How to act?", click Recommended Actions and select Quarantine (important!).
- Make sure that under Reports the following is checked: Automatically generate report after every scan.
- Make sure that under Reports the following is NOT checked: Only if threats were found.
Click Scan and choose Complete System Scan.
When the scan has finished, click Apply All Actions.
When you get the message All actions have been applied, click the Save Report button at the bottom.
The scan report is now saved in the folder Program Files\ewido anti-spyware 4.0\Reports.
If you then click the Save report as button, you get the option to save the report in another location.
Save the report somewhere you can easily find it again, e.g. your desktop.
Close Ewido.
Copy the scan report and paste it here in your next post.

If that doesn't help, try this. (http://www.ivanhoejupiler.be/t37-lees-dit-vooraleer-je-een-hijackthislog-plaatst.html) :)

Bartmen
13 July 2006, 00:17
Here is my result... not too positive... :s

jurgenv
13 July 2006, 00:25
Feel free to just post the report as your next reply. ;)

Bartmen
13 July 2006, 00:44
I don't understand any of it anymore... everything fails or hangs, so I'm simply copying it here:

Thanks in advance

Martijnc
13 July 2006, 14:24
Nice, are there still problems with Virtual.dll? If so, post a HijackThis log.

Bartmen
13 July 2006, 14:26
No more problems noticed so far... So the program has removed the file now??

Regards

Martijnc
13 July 2006, 14:30
No, Ewido didn't get it; best to post a HijackThis log.

Bartmen
13 July 2006, 14:38
Hello

here it is via hijack then...

Regards

Martijnc
13 July 2006, 14:41
That looks good too; if you have no more problems, it's gone :)

Bartmen
13 July 2006, 14:43
And I just went to look in c:\windows and see that it is still there...
when I open c:\windows (so not Virtuall.dll itself), I again get a message that a trojan has been detected...

Rotten PC? :)

Regards

Martijnc
13 July 2006, 14:47
* Download Killbox (http://www.downloads.subratam.org/KillBox.exe).
Click killbox.exe.
Choose the option: "Delete on reboot".

Copy the following part in bold:

c:\windows\Virtuall.dll

Open 'file' in the Killbox menu at the top and choose: Paste from clipboard

You will see that the bold text above appears in the "Full Path of File to Delete" field.
There is a small arrow next to that field. If you click it, you will see all the lines above that you copied (if the files are present); that is the intention anyway.

Click the button: All files (!Important!)

Then click the red circle with the white cross in it.
Killbox will say that this file will be deleted on reboot and will ask to reboot now. Click YES.

Your PC should now reboot.