Archief - Weer een spyware probleem

Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
D

DyNaRaX

Legacy Member
Mijn broer heeft het weer eens gefixed, hij heeft weer eens gezorgd dat hij spyware op zijn pc heeft gekregen.
Volgende key komt steeds terug: Hkey_localMAchine\software\clickspring.

Ik heb de key al verwijderd met Adaware en zelf manueel gedelete maar telkens komt hij terug.
Spybot vind niks, Pest Patrol kan ook niet helpen om de key te verwijderen.


Logfile of HijackThis v1.97.7
Scan saved at 13:56:01, on 17/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\Rund\Application Data\tuso.exe
C:\WINDOWS\System32\wdb.exe
C:\Program Files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
E:\Netwerk\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = +w
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Rund/Prive/Html/start/start.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.pandora.be:8080
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3788612F-E069-2DCC-8752-6C557BDC2F1E} - C:\WINDOWS\System32\obkr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6F896D7C-B736-299A-8752-6C557BD32D1E} - C:\WINDOWS\System32\wzkturbr.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Aqua.exe] Aqua.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Oomm] C:\Documents and Settings\Rund\Application Data\tuso.exe
O4 - HKCU\..\Run: [Jfi] C:\WINDOWS\System32\wdb.exe
O4 - Startup: Samsung Internet Keyboard.lnk = C:\Program Files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: Research (HKLM)
O12 - Plugin for .ssc: C:\WINDOWS\Downloaded Program Files\Ubizen\SmartStart\NPSmartStart32.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc/opuc.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.mapsonline.be/Install/mgaxctrl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37670.4143287037
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/shockwave/slyder/install.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game14.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O16 - DPF: {E3802230-F0E2-4A75-9947-EAB78DD8153F} (InstallerX Class) - http://www.euroklik.nl/cab/EroWebInstaller.cab
s

shiva

Legacy Member
Yeah same ... ffs kom er ziek van !!
help iemand !!! :cry:


Logfile of HijackThis v1.98.2
Scan saved at 17:08:19, on 17/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\System32\gearsec.exe
C:\documents and settings\mr. ali\local settings\temp\FbNzUikUL.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\documents and settings\mr. ali\local settings\temp\FbNzUikUL.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\documents and settings\mr. ali\local settings\temp\a.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\D-Tools\daemon.exe
C:\documents and settings\mr. ali\local settings\temp\hSi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\actoer.exe
C:\Program Files\SED\SED.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wtsit.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Common Files\Symantec Shared\nmain.exe
C:\WINDOWS\System32\VoqW.exe
C:\WINDOWS\System32\VoqW.exe
D:\The All-Seeing Eye\eye.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis1982.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mcitsychaeuldefipnt.com/...kR9uiqAKFh/K5fGhjykUYbnVYAmdXarGT3RFZ4mok.cgi
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Mr. Ali\Local Settings\Temp\f9.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE
O4 - HKLM\..\Run: [FbNzUikUL] C:\documents and settings\mr. ali\local settings\temp\FbNzUikUL.exe
O4 - HKLM\..\Run: [4RWSJH2329JQ@7] C:\WINDOWS\System32\LgnJ8V3.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [AutoLoaderqw7q1KMRdKLZ] "C:\WINDOWS\System32\adsrepl.exe" /PC="AM.WILD" /HideUninstall
O4 - HKLM\..\Run: [q3oW38R] adsrepl.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [a] C:\documents and settings\mr. ali\local settings\temp\a.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [hSi] C:\documents and settings\mr. ali\local settings\temp\hSi.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [ihjcnc] C:\WINDOWS\System32\ihjcnc.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [wdyseezuetskd] C:\WINDOWS\System32\actoer.exe
O4 - HKLM\..\Run: [SESync] "C:\Program Files\SED\SED.exe"
O4 - HKLM\..\Run: [Proxyshow] C:\PROGRA~1\ABOUTB~1\Open Great.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [amok inter 01 cash] C:\Documents and Settings\All Users\Application Data\stop joy amok inter\KindBalm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\wupdmgr.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Ppea] C:\Documents and Settings\Mr. Ali\Application Data\waca.exe
O4 - HKCU\..\Run: [WAPI] C:\WINDOWS\System32\wtsit.exe
O4 - HKCU\..\Run: [b076RUd9i] rdssrpcn.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Tsa] C:\PROGRA~1\COMMON~1\tsa\tsm.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.nuker.com/products/swn2004/installers/default/SpyWareNukerInstaller.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {91BE8DAC-957E-416C-B735-E2B63CDB915B} - http://www.myemessenger.com/activex/MyEMessengerSetupProject.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta_reg/soesysinfo.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
j

j .

Legacy Member
@ DyNaRaX:
verwijder:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = +w
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Rund/Prive/Html/start/start.html
beide waarschijnlijk kapers
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {3788612F-E069-2DCC-8752-6C557BDC2F1E} - C:\WINDOWS\System32\obkr.dll
O2 - BHO: (no name) - {6F896D7C-B736-299A-8752-6C557BD32D1E} - C:\WINDOWS\System32\wzkturbr.dll (file missing)
O4 - HKCU\..\Run: [Oomm] C:\Documents and Settings\Rund\Application Data\tuso.exe
O4 - HKCU\..\Run: [Jfi] C:\WINDOWS\System32\wdb.exe
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/...der/install.cab
O16 - DPF: {E3802230-F0E2-4A75-9947-EAB78DD8153F} (InstallerX Class) - http://www.euroklik.nl/cab/EroWebInstaller.cab


Overbodig:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

Dit lijkt me veilig, screensaver of spelletje?
O4 - HKLM\..\Run: [Aqua.exe] Aqua.exe

Wordt beschouwd als spyware, maar heeft ook zijn functie: DameWare Mini Remote Control
C:\WINDOWS\SYSTEM32\DWRCS.EXE
Bron
D

DyNaRaX

Legacy Member
j . zei:
@ DyNaRaX:
verwijder:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Rund/Prive/Html/start/start.html
beide waarschijnlijk kapers

Wordt beschouwd als spyware, maar heeft ook zijn functie: DameWare Mini Remote Control
C:\WINDOWS\SYSTEM32\DWRCS.EXE
Bron
Klik om te vergroten...

diene start.html is de startpagina van mijn broer, zelfgemaakt html bestand met favoriete links, is dus zeker geen spyware.

En Dameware is ook normaal, ik was geconnecteerd vanop mijn pc, te tam om naar de kamer van mijn broer te gaan ;)
j

j .

Legacy Member
@ shiva:
Scan eens in veilige modus op virussen: TrojanDownloader.Win32. Agent.y, peper trojan, TROJ_AGENT.CF


Gebruik ook spybot saerch&destroy (voor LSP-fix)

verwijder:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mcitsychaeuldefipnt.com/...rGT3RFZ4mok.cgi
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Mr. Ali\Local Settings\Temp\f9.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE
O4 - HKLM\..\Run: [FbNzUikUL] C:\documents and settings\mr. ali\local settings\temp\FbNzUikUL.exe
O4 - HKLM\..\Run: [4RWSJH2329JQ@7] C:\WINDOWS\System32\LgnJ8V3.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [AutoLoaderqw7q1KMRdKLZ] "C:\WINDOWS\System32\adsrepl.exe" /PC="AM.WILD" /HideUninstall
O4 - HKLM\..\Run: [q3oW38R] adsrepl.exe
O4 - HKLM\..\Run: [a] C:\documents and settings\mr. ali\local settings\temp\a.exe
O4 - HKLM\..\Run: [hSi] C:\documents and settings\mr. ali\local settings\temp\hSi.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [ihjcnc] C:\WINDOWS\System32\ihjcnc.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [wdyseezuetskd] C:\WINDOWS\System32\actoer.exe
O4 - HKLM\..\Run: [SESync] "C:\Program Files\SED\SED.exe"
O4 - HKLM\..\Run: [Proxyshow] C:\PROGRA~1\ABOUTB~1\Open Great.exe
O4 - HKLM\..\Run: [amok inter 01 cash] C:\Documents and Settings\All Users\Application Data\stop joy amok inter\KindBalm.exe
O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\wupdmgr.exe
O4 - HKCU\..\Run: [Ppea] C:\Documents and Settings\Mr. Ali\Application Data\waca.exe tenzij je weet wat het is
O4 - HKCU\..\Run: [WAPI] C:\WINDOWS\System32\wtsit.exe anti-pornografiefilter; zeer dom programma: verwijdert assets.exe omdat het het woord "ass" bevat :D
O4 - HKCU\..\Run: [b076RUd9i] rdssrpcn.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab



Heb je dit erop gezet?
O4 - HKCU\..\Run: [Tsa] C:\PROGRA~1\COMMON~1\tsa\tsm.exe

Waarschijnlijk in orde, als je het herkent:
O16 - DPF: {91BE8DAC-957E-416C-B735-E2B63CDB915B} - http://www.myemessenger.com/activex...etupProject.cab

Ik hoop dat ik niets gemist heb ;)
Zet bescherming tegen spyware op (zie sticky: minstens spywareblaster, spywareguard, startupmonitor).
Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
Terug
Bovenaan