I keep being asked for my credit card

  • Eric

    Sorry, I hadn't scanned with Panda.

    I'm doing that now.

  • Eric

    Hello,

    I have to leave tonight, so I can't report back now on how it goes.

    The Panda scan is running now and by the looks of it 4 viruses have already been disinfected.

    I'll let you know the results tomorrow.

    Thank you very, very, very much!!!!

  • Eric

    Hello,

    I scanned with Panda; 7 viruses were found and removed.

    After that, the files cmd32.exe and scagent.exe were no longer present on this computer.

    I also scanned with HouseCall, which found nothing.

    Then I scanned with BitDefender, and that one did find 2 again.

    When I try to start HJT from the hard disk I get the message: invalid operation performed, the program will be closed.

    Opening it directly after downloading does work.

    The logs:

    Logfile of HijackThis v1.99.1

    Scan saved at 15:48:45, on 20-10-2005

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\drivers\CDAC11BA.EXE

    C:\WINDOWS\System32\nvsvc32.exe

    C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe

    C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe

    C:\WINDOWS\System32\CTHELPER.EXE

    C:\Program Files\Apacer USB Device\shwicon.exe

    C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe

    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Windows Media Player\wmplayer.exe

    C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\ATSHWFAL\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.planet.nl:8080

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    R3 - Default URLSearchHook is missing

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\Run: anvshell.exe

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: CTHELPER.EXE

    O4 - HKLM\..\Run: C:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Apacer USB Device\shwicon.exe" -t"Apacer Technology Inc.\Apacer USB Device v1.16e012"

    O4 - HKLM\..\Run: "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"

    O4 - HKCU\..\Run: "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab

    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

    O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file://K:\setup\RiffLick.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123774304154

    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://mozart.amadeus-hotel.com:82/activex/AMC.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{B00B6026-696A-4D78-A867-62BED7C5CA2A}: NameServer = 195.121.1.34 195.121.1.66

    O21 - SSODL: ASUS Probe V2.19.00 - {315C1991-1C8C-2CB8-9B02-79588D64D624} - c:\program files\asus\probe\oxiov32.dll (file missing)

    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe

    O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent.exe" start (file missing)

    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe

    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe

    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

    ————————————————————————————————————————————–

    BitDefender Online Scanner

    Scan report generated at: Thu, Oct 20, 2005 - 15:41:14

    Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;

    Statistics

    Time: 00:26:47
    Files: 129484
    Folders: 4071
    Boot Sectors: 6
    Archives: 1275
    Packed Files: 15108

    Results

    Identified Viruses: 2
    Infected Files: 2
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 2

    Engines Info

    Virus Definitions: 224177
    Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
    Scan plugins: 13
    Archive plugins: 39
    Unpack plugins: 4
    E-mail plugins: 6
    System plugins: 1

    Scan Settings

    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File / Status

    D:\Diversen\kl200nb2.exe=>(Instyler o)=>(Instyler Module 11)
        Infected with: Trojan.Downloader.Small.AGQ

    D:\Diversen\kl200nb2.exe=>(Instyler o)=>(Instyler Module 11)
        Disinfection failed

    D:\Diversen\kl200nb2.exe=>(Instyler o)=>(Instyler Module 11)
        Deleted

    D:\Diversen\kl200nb2.exe=>(Instyler o)
        Update failed

    D:\System Volume Information\_restore{210B4010-A7D5-45DD-A1A9-DB86C50BDDE7}\RP551\A0136512.exe=>(ZIP Sfx s)=>connect.exe
        Detected with: Application.Dialer.UQ

    D:\System Volume Information\_restore{210B4010-A7D5-45DD-A1A9-DB86C50BDDE7}\RP551\A0136512.exe=>(ZIP Sfx s)=>connect.exe
        Disinfection failed

    D:\System Volume Information\_restore{210B4010-A7D5-45DD-A1A9-DB86C50BDDE7}\RP551\A0136512.exe=>(ZIP Sfx s)=>connect.exe
        Deleted

    D:\System Volume Information\_restore{210B4010-A7D5-45DD-A1A9-DB86C50BDDE7}\RP551\A0136512.exe=>(ZIP Sfx s)
        Updated

    D:\System Volume Information\_restore{210B4010-A7D5-45DD-A1A9-DB86C50BDDE7}\RP551\A0136512.exe
        Update failed

  • Erik

    Hi Eric,

    You need to put hijackthis.exe either on your desktop or in a folder of its own; right now it starts from a temporary folder.

    Update your Windows, or honestly admit that you don't have a legal copy ;-)

    Your log looks better again :-D