Mededeling

**smeenk** · 05-04-08, 08:14

Start Hijackthis en vink alleen de volgende regels aan:
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Com Service] comservice.exe
O4 - HKLM\..\RunServices: [Com Service] comservice.exe
Sluit alle openstaande vensters(behalve Hijackthis) en klik op de knop "Fix checked".

Herstart daarna je computer.

Post na de herstart een nieuw logje van Hijackthis

**spy99** · 05-04-08, 18:52

spyware

hey, bedankt voor je antwoord. Ik heb gedaan wat je zei en hierbij mijn nieuwe hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 18:48:12, on 5-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\WinZip E-Mail Companion\loadwzco.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\downloads\spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WinZip E-Mail Companion OEAPI] "C:\Program Files\WinZip E-Mail Companion\loadwzco.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

**smeenk** · 05-04-08, 22:49

Download dit bestand: zoek.exe
Dubbelklik het, na een tijdje opent er een logje.
Post de inhoud van dit logje in je volgende bericht

**spy99** · 12-04-08, 00:26

logje

Sorry voor de late reactie, was effe paar daagjes weg. Hierbij het logje;

======C:\WINDOWS====
----a-w 0 2008-04-11 16:05:39 C:\WINDOWS\0.log
--s-a-w 2,048 2008-04-11 16:05:36 C:\WINDOWS\bootstat.dat
----a-w 243,753 2008-04-09 21:49:48 C:\WINDOWS\comsetup.log
----a-w 694,944 2008-04-09 21:49:47 C:\WINDOWS\FaxSetup.log
----a-w 109,732 2008-04-09 21:49:48 C:\WINDOWS\iis6.log
----a-w 1,355 2008-04-09 21:49:41 C:\WINDOWS\imsins.BAK
----a-w 1,355 2008-04-09 21:49:48 C:\WINDOWS\imsins.log
----a-w 18,714 2008-04-09 21:49:41 C:\WINDOWS\KB941693.log
----a-w 12,052 2008-04-09 21:48:41 C:\WINDOWS\KB945553.log
----a-w 20,490 2008-04-09 21:49:37 C:\WINDOWS\KB947864-IE7.log
----a-w 12,727 2008-04-09 21:49:23 C:\WINDOWS\KB948590.log
----a-w 14,263 2008-04-09 21:49:47 C:\WINDOWS\KB948881.log
----a-w 35,295 2008-04-09 21:49:47 C:\WINDOWS\msgsocm.log
----a-w 116 2008-04-09 09:40:38 C:\WINDOWS\NeroDigital.ini
----a-w 146,563 2008-04-09 21:49:48 C:\WINDOWS\ntdtcsetup.log
----a-w 343,754 2008-04-09 21:49:47 C:\WINDOWS\ocgen.log
----a-w 43,318 2008-04-09 21:49:48 C:\WINDOWS\ocmsn.log
----a-w 32,368 2008-04-11 16:04:20 C:\WINDOWS\SchedLgU.Txt
----a-w 180,203 2008-03-14 18:53:53 C:\WINDOWS\setupact.log
----a-w 249,064 2008-04-11 16:08:25 C:\WINDOWS\setupapi.log
----a-w 98,304 2008-03-15 15:04:42 C:\WINDOWS\system32CmdLineExt.dll
----a-w 272,575 2008-04-09 21:49:48 C:\WINDOWS\tsoc.log
----a-w 84,306 2008-04-09 21:49:33 C:\WINDOWS\updspapi.log
----a-w 159 2008-04-11 16:05:38 C:\WINDOWS\wiadebug.log
----a-w 49 2008-04-11 16:05:38 C:\WINDOWS\wiaservc.log
----a-w 629 2008-03-12 22:20:14 C:\WINDOWS\win.ini
----a-w 1,522,081 2008-04-11 21:53:08 C:\WINDOWS\WindowsUpdate.log

Entries: 27 (26)
Directories: 0 Files: 27
Bytes: 4,140,217 Blocks: 8,099
======C:\WINDOWS\system32=====
----a-w 134,872 2008-04-11 16:01:43 C:\WINDOWS\System32\FNTCACHE.DAT
----a-w 34,064 2008-03-28 19:13:00 C:\WINDOWS\System32\lhacm.acm
----a-w 19,836,024 2008-04-06 05:56:20 C:\WINDOWS\System32\MRT.exe
----a-w 62,480 2008-03-31 17:04:49 C:\WINDOWS\System32\perfc009.dat
----a-w 81,380 2008-03-31 17:04:49 C:\WINDOWS\System32\perfc013.dat
----a-w 401,200 2008-03-31 17:04:49 C:\WINDOWS\System32\perfh009.dat
----a-w 465,926 2008-03-31 17:04:49 C:\WINDOWS\System32\perfh013.dat
----a-w 1,022,246 2008-03-31 17:04:49 C:\WINDOWS\System32\PerfStringBackup.INI
----a-w 107,832 2008-04-11 16:09:08 C:\WINDOWS\System32\PnkBstrB.exe
----a-w 1,845,376 2008-03-20 08:10:47 C:\WINDOWS\System32\win32k.sys
----a-w 12,706 2008-04-11 16:01:47 C:\WINDOWS\System32\wpa.dbl
----a-w 41,296 2008-04-02 23:26:06 C:\WINDOWS\System32\xfcodec.dll

Entries: 12 (12)
Directories: 0 Files: 12
Bytes: 24,045,402 Blocks: 46,970
======C:\WINDOWS\system32\drivers=====
----a-w 22,328 2008-04-11 16:09:52 C:\WINDOWS\System32\drivers\PnkBstrK.sys

Entries: 1 (1)
Directories: 0 Files: 1
Bytes: 22,328 Blocks: 44
=======C:\Program Files=====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=======C:=====
----a-w 352,449 2008-04-02 14:17:09 C:\nota1_danielKatier.jpg
--sha-w 2,145,386,496 2008-04-11 16:05:31 C:\pagefile.sys

Entries: 2 (1)
Directories: 0 Files: 2
Bytes: 2,145,738,945 Blocks: 4,190,897
======C:\Documents and Settings\windows\Application Data======
----a-w 22,112 2008-03-26 19:25:05 C:\Documents and Settings\windows\Application Data\GDIPFONTCACHEV1.DAT

Entries: 1 (1)
Directories: 0 Files: 1
Bytes: 22,112 Blocks: 44
======C:\Temp======
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
======C:\Documents and Settings\windows======
----a-w 4,718,592 2008-04-11 22:23:05 C:\Documents and Settings\windows\NTUSER.DAT
----a-w 28,672 2008-04-11 22:23:05 C:\Documents and Settings\windows\ntuser.dat.LOG
--sh--w 288 2008-04-11 16:04:19 C:\Documents and Settings\windows\ntuser.ini

Entries: 3 (2)
Directories: 0 Files: 3
Bytes: 4,747,552 Blocks: 9,273
======C:\WINDOWS\Downloaded Program Files====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=============

Overigens mijn laatste scan heeft het volgende in quarantine gezet:

obj[0]=IECache Entry : Cookie:[email protected]/server_info/213.19.131.212:27960/
obj[1]=IECache Entry : Cookie:[email protected]/
obj[2]=IECache Entry : Cookie:[email protected]/
obj[3]=IECache Entry : Cookie:[email protected]/
obj[4]=IECache Entry : Cookie:[email protected]/
obj[5]=IECache Entry : Cookie:[email protected]/
obj[6]=IECache Entry : Cookie:[email protected]/
obj[7]=IECache Entry : Cookie:[email protected]/
obj[8]=IECache Entry : Cookie:[email protected]/
obj[9]=IECache Entry : Cookie:[email protected]/
obj[10]=IECache Entry : Cookie:[email protected]/
obj[11]=IECache Entry : Cookie:[email protected]/
obj[12]=IECache Entry : Cookie:[email protected]/
obj[13]=IECache Entry : Cookie:[email protected]/
obj[14]=IECache Entry : Cookie:[email protected]/server_info/85.92.143.13:27960/
obj[15]=IECache Entry : Cookie:[email protected]/server/213.19.131.212:27960/player/%2APIMP%2AAntra/
obj[16]=IECache Entry : Cookie:[email protected]/
obj[17]=IECache Entry : Cookie:[email protected]/
obj[18]=IECache Entry : Cookie:[email protected]/
obj[19]=IECache Entry : Cookie:[email protected]/

**smeenk** · 12-04-08, 11:30

Ik zie niets verkeerds meer

Verwijder het volgende bestand als het nog aanwezig is:
C:\WINDOWS\system32\comservice.exe

Zijn er nog problemen?

**spy99** · 21-04-08, 00:36

Hey,

Kon het bestandje C:\WINDOWS\system32\comservice.exe niet vinden.
Denk dat het wel in orde is, computer loopt goed.
Laatste scan:

obj[0]=IECache Entry : Cookie:[email protected]/server_info/213.19.131.212:27960/
obj[1]=IECache Entry : Cookie:[email protected]/
obj[2]=IECache Entry : Cookie:[email protected]/
obj[3]=IECache Entry : Cookie:[email protected]/

thx !

**smeenk** · 21-04-08, 00:43

Graag gedaan hoor

Wat je net poste waren slechts enkele cookies.

Of cookies echt een groot probleem vormen betwijfel ik

Het is wel verstandig "indirecte" of "third party" cookies te blokkeren.
Dat doe je als volgt:

Internet Explorer 6:
Extra
Internet-opties
tabblad Privacy
knop Geavanceerd
vinkje plaatsen voor "Automatische cookie-verwerking opheffen"
onder "Indirecte cookies" een vinkje plaatsen voor: "Blokkeren"
OK, OK

Firefox:
Tools
Options
Privacy
Cookies
aanvinken: "for the originating site only"

Installeer verder SpywareBlaster, dat programma blokkeert ook tracking cookies.
http://www.nucia.eu/toonhandleiding....ndleidingid=12.

Met behulp van Ccleaner kan je ook cookies verwijderen, dit programma heeft een optie waarmee je instellen kan welke cookies behouden dienen te worden omdat je deze nodig hebt om in te loggen bij bepaalde websites. Alle overige cookies kunnen dan probleemloos verwijderd worden.

Groeten smeenk

Mededeling

spyware yieldmanager gametracker ?

spyware yieldmanager gametracker ?

Comment

Comment

Comment

Comment

Comment

Comment

Comment