Volledige versie bekijken : toolbar probleem
Jun!ortje 31 January 2007, 17:38 hej , ik heb oppeens een ellendige toolbar gekrege bij internet explorer genaamd "mirar" en ik krijg die toolbar niet verwijderd . http://www.mirarsearch.com/support/uninstall.html , bij stap 4 zit ik vast :frown: mirar staat niet tusse mijn programma's . waar ik me ook zorgen om maak is dat ik soms waarschuwingen krijg als ik internet explorer open:frown: iemand enig idee?
Komt van topic http://www.minatica.be/showthread.php?t=42701
hier is het logje;)
Logfile of HijackThis v1.99.1
Scan saved at 16:36:59, on 31/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\LightSurf\Common\IconMgr.exe
C:\Program Files\LightSurf\Colorific\hgcctl95.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\LightSurf\Color Indicator\TICIcon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\Bokskes\LOCALS~1\Temp\Rar$EX01.265\Hij ackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\UpMedia\ContentTool.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LightSurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Bokskes\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162213379953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162215196484
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.be/NET/Import/ImageUploader3.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
gotenks 31 January 2007, 20:48 Hey Jun!ortje,
ik ga je logje nakijken dus even geduld. Zodra ik een fix heb plaats ik deze hier. ;)
Gotenks
gotenks 31 January 2007, 22:44 Hey,
* Ga naar Start => Configuratiescherm => Software en verwijder volgend programma, indien aanwezig:
Mirar
* Maak verborgen mappen en bestanden zichtbaar (http://martijnc.be/index.php?id=36).
* Start Hijackthis, klik op "Do a system scan only" en vink volgende regels aan:
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\UpMedia\ContentTool.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
* Sluit nu alle open vensters en browsers, behalve Hijackthis, en klik op "Fix checked".
* Download en installeer AVG Anti-Spyware (http://www.ewido.net/en/download/).
Na de installatie, open AVG Anti-Spyware:
* onder "Status", klik op Change state naast "Resident shield". (wijzig van active naar inactive!)
* onder "Update", klik op de Start update knop.
* onder "Scanner", tab "Settings":- onder "How to act?", klik op "Recommended actions" en selecteer Quarantine. (ZEER BELANGRIJK!)
* onder "Reports", selecteer Automatically generate report after every scan en verwijder het vinkje bij Only if threats were found
Sluit AVG Anti-Spyware. Laat het nog niet scannen.
* Als je Adaware SE nog niet geïnstalleerd hebt, download, installeer en update het dan volgens de richtlijnen
die je kan vinden op: http://users.pandora.be/marcvn/spyware/1414188.htm
Download link van Ad-aware: http://www.lavasoftusa.com/products/ad-aware_se_personal.php
* Start je computer op in VEILIGE MODUS (http://users.pandora.be/marcvn/spyware/1378056.htm)
* Verwijder even volgende bestanden en mappen, indien aanwezig:
C:\WINDOWS\system32\UpMedia\ContentTool.dll => dit bestand
C:\WINDOWS\system32\WinNB58.dll => dit bestand
C:\WINDOWS\system32\WinNB58.dll => dit bestand
* Voer een volledige scan uit met Adaware en verwijder alles wat gevonden wordt.
* Start AVG Anti-Spyware.* Klik op Scan en kies Complete System Scan.
Na de scan; volg onderstaande instructies :
BELANGRIJK : Klik niet op de "Save Scan Report" knop vooraleer je de "Apply all Actions" knop hebt aangeklikt !
* Draag er zorg voor dat Set all elements to: op Quarantine staat (1),
zoniet klik op de link en kies Quarantine in de popup menu. (2)
(Dit geldt niet voor cookies, deze worden onveranderlijk gedelete !)
* Onderaan het venster klik op de Apply all Actions knop. (3)
http://home.scarlet.be/~topalex/ewidoscan.jpg
* Wanneer je de melding krijgt 'All actions have been applied', klik je onderaan op de knop Save Report.
* Herstart je computer in normale modus.
* Download ATF cleaner (http://www.atribune.org/ccount/click.php?id=1) (by Atribune)
Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.
Gebruik je ook Firefox als browser:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit verwijdert het vinkje bij "Firefox saved passwords")
Klik op de knop Empty Selected.
Gebruik je ook Opera als browser:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.
* Post een nieuw Hijackthis logje samen met het rapport van Adaware SE, vermeldt eventuele problemen en zeg even welke waarschuwingen je krijgt als je Internet Explorer opstart.
Jun!ortje 1 February 2007, 21:22 hier is het nieuwe logje ;) het rapport van adware SE staat er onder:)
internet explorer werkt trg goed en de toolbar is weg. Thx minse:good:
Logfile of HijackThis v1.99.1
Scan saved at 20:14:43, on 1/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\LightSurf\Common\IconMgr.exe
C:\Program Files\LightSurf\Colorific\hgcctl95.exe
C:\Program Files\LightSurf\Color Indicator\TICIcon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\ehome\ehshell.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Bokskes\LOCALS~1\Temp\Rar$EX00.672\Hij ackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LightSurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Bokskes\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162213379953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162215196484
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.be/NET/Import/ImageUploader3.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
adware logfile
Ad-Aware SE Build 1.06r1
Logfile Created on:donderdag 1 februari 2007 20:17:49
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R148 29.01.2007
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»»» »
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»
MRU List(TAC index:0):10 total references
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
1-02-2007 20:17:49 - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 456
ThreadCreationTime : 1-02-2007 19:08:28
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 568
ThreadCreationTime : 1-02-2007 19:08:33
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 592
ThreadCreationTime : 1-02-2007 19:08:34
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 636
ThreadCreationTime : 1-02-2007 19:08:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Services en controllertoepassingen
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 648
ThreadCreationTime : 1-02-2007 19:08:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 812
ThreadCreationTime : 1-02-2007 19:08:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 860
ThreadCreationTime : 1-02-2007 19:08:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 952
ThreadCreationTime : 1-02-2007 19:08:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1072
ThreadCreationTime : 1-02-2007 19:08:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1112
ThreadCreationTime : 1-02-2007 19:08:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1380
ThreadCreationTime : 1-02-2007 19:08:36
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1496
ThreadCreationTime : 1-02-2007 19:08:36
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe
#:13 [bullguardupdate.exe]
FilePath : C:\Program Files\BullGuard Software\BullGuard\
ProcessID : 1508
ThreadCreationTime : 1-02-2007 19:08:36
BasePriority : Normal
FileVersion : 6, 1, 0, 0
ProductVersion : 6, 1, 0, 0
ProductName : BullGuard
CompanyName : BullGuard Software
FileDescription : BullGuard LiveUpdate Service
InternalName : LiveUpdateSvc
LegalCopyright : (c) BullGuard Software. All rights reserved.
OriginalFilename : BullGuardUpdate.exe
#:14 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1532
ThreadCreationTime : 1-02-2007 19:08:36
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:15 [ehrecvr.exe]
FilePath : C:\WINDOWS\eHome\
ProcessID : 1580
ThreadCreationTime : 1-02-2007 19:08:36
BasePriority : Above Normal
FileVersion : 5.1.2715.3011 (xpsp(wmbla).061009-1511)
ProductVersion : 5.1.2715.3011
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Receiver Service
InternalName : ehRecvr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehRecvr.exe
#:16 [ehsched.exe]
FilePath : C:\WINDOWS\eHome\
ProcessID : 1600
ThreadCreationTime : 1-02-2007 19:08:36
BasePriority : Normal
FileVersion : 5.1.2710.2732 (xpsp(wmbla).050805-1245)
ProductVersion : 5.1.2710.2732
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Media Center Scheduler-service
InternalName : ehSched
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : ehSched.exe
#:17 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1748
ThreadCreationTime : 1-02-2007 19:08:37
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1972
ThreadCreationTime : 1-02-2007 19:08:37
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Verkenner
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : EXPLORER.EXE
#:19 [inetinfo.exe]
FilePath : C:\WINDOWS\system32\inetsrv\
ProcessID : 2012
ThreadCreationTime : 1-02-2007 19:08:37
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : INETINFO.EXE
#:20 [lssrvc.exe]
FilePath : C:\Program Files\Common Files\LightScribe\
ProcessID : 216
ThreadCreationTime : 1-02-2007 19:08:37
BasePriority : Normal
FileVersion : 1.4.89.1
ProductName : LightScribe
CompanyName : Hewlett-Packard Company
LegalCopyright : © Copyright 2003-2006 Hewlett-Packard Development Company, LP
OriginalFilename : LSSrvc.exe
#:21 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 344
ThreadCreationTime : 1-02-2007 19:08:37
BasePriority : Normal
FileVersion : 6.14.10.9351
ProductVersion : 6.14.10.9351
ProductName : NVIDIA Driver Helper Service, Version 93.51
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 93.51
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:22 [richvideo.exe]
FilePath : C:\Program Files\CyberLink\Shared Files\
ProcessID : 412
ThreadCreationTime : 1-02-2007 19:08:37
BasePriority : Normal
FileVersion : 1.1.1801
ProductVersion : 1.1.1801
ProductName : RichVideo Module
FileDescription : RichVideo Module
InternalName : RichVideo
LegalCopyright : Copyright 2004
OriginalFilename : RichVideo.EXE
#:23 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 496
ThreadCreationTime : 1-02-2007 19:08:37
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:24 [x10nets.exe]
FilePath : C:\PROGRA~1\COMMON~1\X10\Common\
ProcessID : 980
ThreadCreationTime : 1-02-2007 19:08:38
BasePriority : Realtime
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : x10 Module
CompanyName : X10
FileDescription : X10 Module
InternalName : x10
LegalCopyright : Copyright 1999 X10
OriginalFilename : x10.exe
#:25 [mcrdsvc.exe]
FilePath : C:\WINDOWS\ehome\
ProcessID : 1184
ThreadCreationTime : 1-02-2007 19:08:38
BasePriority : Normal
FileVersion : 4.1.2710.2732 (xpsp(wmbla).050805-1245)
ProductVersion : 4.1.2710.2732
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : MCRD Device Service
InternalName : McrdSvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : McrdSvc.exe
#:26 [wmpnetwk.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 1652
ThreadCreationTime : 1-02-2007 19:08:38
BasePriority : Normal
FileVersion : 11.0.5721.5145 (WMP_11.061018-2006)
ProductVersion : 11.0.5721.5145
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player Network Sharing-service
InternalName : Windows Media Player Network Sharing Service
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : WMPNetwk.exe
#:27 [ehtray.exe]
FilePath : C:\WINDOWS\ehome\
ProcessID : 2440
ThreadCreationTime : 1-02-2007 19:08:39
BasePriority : Normal
FileVersion : 5.1.2715.2765 (xpsp(wmbla).050928-2135)
ProductVersion : 5.1.2715.2765
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Tray Applet
InternalName : ehtray
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehtray.exe
#:28 [rthdcpl.exe]
FilePath : C:\WINDOWS\
ProcessID : 2448
ThreadCreationTime : 1-02-2007 19:08:39
BasePriority : Normal
FileVersion : 2.1.0.1
ProductVersion : 2.1.0.1
ProductName : Realtek HD Audio Sound Effect Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek HD Audio Control Panel
LegalCopyright : Copyright (c) 2004 Realtek Semiconductor Corp.
OriginalFilename : RTHDCPL.EXE
#:29 [agent.exe]
FilePath : C:\Program Files\ExtraFilm PhotoAssistant\
ProcessID : 2496
ThreadCreationTime : 1-02-2007 19:08:40
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Order Software
FileDescription : Order Software
InternalName : Order Software
LegalCopyright : Copyright (C) Spector Photo Group 2005
OriginalFilename : agent.exe
#:30 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 2512
ThreadCreationTime : 1-02-2007 19:08:40
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe
#:31 [bullguard.exe]
FilePath : C:\Program Files\BullGuard Software\BullGuard\
ProcessID : 2524
ThreadCreationTime : 1-02-2007 19:08:40
BasePriority : Normal
FileVersion : 6, 1, 0, 2
ProductVersion : 6.1
ProductName : BullGuard
CompanyName : BullGuard Software
FileDescription : BullGuard
InternalName : bullguard.exe
LegalCopyright : ©2006, BullGuard Software. All rights reserved.
OriginalFilename : bullguard.exe
#:32 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2532
ThreadCreationTime : 1-02-2007 19:08:40
BasePriority : Normal
FileVersion : 7.5.0324
ProductVersion : 7.5.0324
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:33 [wmpnscfg.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 2548
ThreadCreationTime : 1-02-2007 19:08:40
BasePriority : Normal
FileVersion : 11.0.5721.5145 (WMP_11.061018-2006)
ProductVersion : 11.0.5721.5145
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Toepassing voor configuratie van Windows Media Connect
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : WMPNSCFG.EXE
#:34 [iconmgr.exe]
FilePath : C:\Program Files\LightSurf\Common\
ProcessID : 2612
ThreadCreationTime : 1-02-2007 19:08:41
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : IconMgr
CompanyName : LightSurf Technologies, Inc.
FileDescription : IconMgr
InternalName : IconMgr
LegalCopyright : Copyright ©2002, LightSurf Technologies, Inc.
OriginalFilename : IconMgr.exe
#:35 [hgcctl95.exe]
FilePath : C:\Program Files\LightSurf\Colorific\
ProcessID : 2636
ThreadCreationTime : 1-02-2007 19:08:41
BasePriority : Normal
FileVersion : 99, 50, 0, 3
ProductVersion : 99.50
ProductName : Colorific ® (Windows)
CompanyName : LightSurf Technologies, Inc.
FileDescription : Colorific Control Panel
InternalName : HGCCTL95
LegalCopyright : Copyright © 1995-2002, LightSurf Technologies, Inc.
OriginalFilename : HGCCTL95.EXE
#:36 [ticicon.exe]
FilePath : C:\Program Files\LightSurf\Color Indicator\
ProcessID : 2680
ThreadCreationTime : 1-02-2007 19:08:42
BasePriority : Normal
FileVersion : 2, 2, 0, 3
ProductVersion : 2, 2, 0, 0
ProductName : Color Indicator system tray application
CompanyName : LightSurf Technologies, Inc.
FileDescription : TICIcon.exe
InternalName : TICIcon.exe
LegalCopyright : Copyright© 1999-2002 LightSurf Technologies, Inc.
LegalTrademarks : All rights reserved
OriginalFilename : TICIcon.exe
Comments : Color Indicator system tray application
#:37 [dllhost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3000
ThreadCreationTime : 1-02-2007 19:08:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : COM Surrogate
InternalName : dllhost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : dllhost.exe
#:38 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3200
ThreadCreationTime : 1-02-2007 19:08:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:39 [ehmsas.exe]
FilePath : C:\WINDOWS\eHome\
ProcessID : 3240
ThreadCreationTime : 1-02-2007 19:08:46
BasePriority : Normal
FileVersion : 5.1.2710.2732 (xpsp(wmbla).050805-1245)
ProductVersion : 5.1.2710.2732
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Media Status Aggregator Service
InternalName : eHMSAS
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehMSAS.exe
#:40 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3272
ThreadCreationTime : 1-02-2007 19:08:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:41 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 316
ThreadCreationTime : 1-02-2007 19:09:39
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Automatische updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : wuauclt.exe
#:42 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2056
ThreadCreationTime : 1-02-2007 19:10:18
BasePriority : Normal
#:43 [ehshell.exe]
FilePath : C:\WINDOWS\ehome\
ProcessID : 4092
ThreadCreationTime : 1-02-2007 19:11:21
BasePriority : Above Normal
FileVersion : 5.1.2715.3011 (xpsp(wmbla).061009-1511)
ProductVersion : 5.1.2715.3011
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center
InternalName : ehshell.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehshell.exe
#:44 [ehrec.exe]
FilePath : C:\WINDOWS\eHome\
ProcessID : 2088
ThreadCreationTime : 1-02-2007 19:11:31
BasePriority : Normal
FileVersion : 5.1.2710.2732 (xpsp(wmbla).050805-1245)
ProductVersion : 5.1.2710.2732
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Media Center-hostmodule
InternalName : eHRec
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : ehRec.exe
#:45 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 988
ThreadCreationTime : 1-02-2007 19:17:32
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Disk Scan Result for C:\DOCUME~1\Bokskes\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»»» »
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0
MRU List Object Recognized!
Location: : S-1-5-21-2165394799-357371228-289930972-1005\software\microsoft\direct3d\mostrecentapplica tion
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-2165394799-357371228-289930972-1005\software\microsoft\direct3d\mostrecentapplica tion
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplicatio n
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-2165394799-357371228-289930972-1005\software\microsoft\windows\currentversion\exp lorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-2165394799-357371228-289930972-1005\software\microsoft\windows\currentversion\exp lorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-2165394799-357371228-289930972-1005\software\microsoft\windows\currentversion\exp lorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-2165394799-357371228-289930972-1005\software\microsoft\windows\currentversion\exp lorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-2165394799-357371228-289930972-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10
20:20:35 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»
Total scanning time:00:02:45.346
Objects scanned:94286
Objects identified:0
Objects ignored:0
New critical objects:0
gotenks 1 February 2007, 23:18 Hey,
* Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
Download Java Runtime Environment (JRE) 6.0 (http://java.sun.com/javase/downloads/index.jsp).
Scroll omlaag naar : "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Klik op de "Download" knop aan de rechterkant.
Vink aan: "Accept License Agreement".
De pagina zal herladen.
Klik op de link om Windows Offline Installation te downloaden met Meerdere-talen, en bewaar het naar je Bureaublad.
Sluit alle programma's die eventueel open zijn - Zeker je web browser!
Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
Herhaal dit tot alle oudere versies verdwenen zijn.
Na het verwijderen van alle oudere versies, herstart je pc.
Dubbelklik vervolgens op jre-6-windows-i586.exe op je Bureaublad om de nieuwste versie van Java te installeren.
* Voor de rest ziet je logje er goed uit. ;) Kun je even eventuele problemen melden?
Jun!ortje 2 February 2007, 19:39 okej dit is gebeurd ,nee geen probleme meer:good: thx m8.
gotenks 2 February 2007, 19:54 Ben blij dat alles in orde is nu. :) Volg nog even onderstaande tips om problemen in de toekomst te vermijden ;)
1. Installeer alvast volgende GRATIS programmatjes indien je ze nog niet hebt:
Spywareblaster: http://www.javacoolsoftware.com/spywareblaster.html
Ad-Aware SE: http://www.majorgeeks.com/download506.html
Spybot: Search & Destroy: http://www.safer-networking.org/en/index.html
2. Tijdens het surfen, klik niet overal klakkeloos op ja als je dit gevraagd wordt... doe dit enkel wanneer je het volledig vertrouwt.
En kies eventueel een alternatieve browser zoals:
Opera: http://www.opera.com/
Firefox: http://www.mozilla.org/products/firefox/
3. En ik raad je ook aan om af en toe een online virusscan uit te voeren. housecall en/of Bitdefender. Want, wat de ene scanner niet kan vinden, kan een andere misschien wel.
Zorg er ook voor dat je virusscanner die op je systeem geïnstalleerd is altijd up to date is
Housecall: http://housecall.trendmicro.com/
BitDefender: http://www.bitdefender.com/scan/licence.php
4. Breng geregeld ook eens een bezoekje aan: http://windowsupdate.microsoft.com/
5. Bekijk ook eens deze 2 filmpjes.. Heel interessant:
http://www2.trosradar.nl/mediaplayer...&mode=dossier#
http://www.benedelman.org/spyware/security-111804.wmv
Meer preventietips zijn ook op volgende sites te vinden:
http://www.bluemedicine.be
http://users.telenet.be/marcvn/spyware
How did I get infected in the first place (article by TonyKlein)
Het voorkomen van spyware-infecties en browserhijacking
|
|