Mededeling

Collapse
No announcement yet.

unkown trojan

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • unkown trojan

    ik heb nu bijna 2 weken geleden een trojan op mijn laptop gekregen
    eerst kwam het berichtje met system error, dan een tekstje met daarin dat er een "unkown trojan" was en dat ik spyware moest downloaden

    na verschillende programma's te hebben gedownload die mijn laptop hebben gescand ben ik nu van het berichtje af maar het programma spyware docter blijft aangeven dat het virus nog steeds toegang probeerd te krijgen tot internet maar dat deze hem blokkeert

    ik weet niet meer wat ik nu moet doen dus ik hoop dat jullie mij kunnen helpen want ik wordt er helemaal gek van

    hier is mijn HijjackThis Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:54:11, on 8-4-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Common Files\Ulead Systems\Autodetector\Monitor.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=PRESARIO&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=PRESARIO&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Media Player Codec - {3084A75F-5350-4D8B-BC5F-6B378035C133} - C:\Windows\dsaip32b.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: w98Eject.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldnl-nl.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 12910 bytes

  • #2
    Hallo,


    Schakel Spybot's TeaTimer even uit, omdat deze de fix in de weg kan zitten:
    - Start Spybot
    - Ga naar Mode > selecteer Advanced Mode
    - Ga naar Tools en klik op het Resident-icoon in de lijst
    - Haal het vinkje weg bij Resident TeaTimer en klik OK
    - Herstart de computer

    Download vervolgens ResetTeaTimer.bat naar je Bureaublad.
    Dubbelklik op ResetTeaTimer.bat om alle entries in TeaTimer te verwijderen.
    Als de computer schoon is, kun je TeaTimer weer aan zetten



    Download SDFix en klik op "uitvoeren".
    Versie 1.40 en hoger zal de uitgepakte SDFix map automatisch naar je systeemdrive verplaatsen (waarschijnlijk: C:\SDFix).

    Herstart de pc in de veilige modus.
    Safe mode for Windows XP
    Herstart de computer
    Zodra uw computer klaar is met het laden van de BIOS (zwarte scherm en witte letters, of een ander beginscherm)en vlak voordat Windows wordt geladen
    Tap op de F8-toets (of de F5)-toets totdat u in het Windows option-menu terechtkomt
    Kies hier voor opstarten in veilige modus (Safe mode) door het gebruik van de pijltjestoetsen en daarna Enter

    Dubbelklik de map SDFix en dubbelklik op RunThis.bat om het script te starten.
    Typ Y en klik enter om het schoonmaakproces te starten.
    Er zullen Trojan Services en/of Registry Entries worden verwijderd als ze worden gevonden en je zult een toets voor herstart moeten indrukken.
    De computer zal dan herstarten; dit duurt langer dan gewoonlijk.
    De Fixtool zal opnieuw gaan werken en het verwijderingproces vervolgen, dan wordt Finished, getoond, wacht geduldig af totdat je weer een toets moeten indrukken om het script te be?indigen en je bureaubladiconen weer te laden.
    Zodra je bureaublad weer normaal is zal het SDFix report openen en ook te vinden zijn in de SDFix folder als Report.txt.
    Copy/paste de inhoud van dit report Report.txt in je volgende antwoord hier samen met een nieuw HijackThis log


    succes

    Windows 10 opstarten in Veilige Modus

    Comment


    • #3
      ik krijg het niet voor elkaar

      ik heb volgens mij spybot teatimer goed uitgeschakeld (heb de nederlandse en heb Resident weggehaald! is dit oke?)

      vervolgens heb ik SDfix op mijn laptop gezet

      maar als ik hem dan opstart in de veilige modus en dubbelklik op RunThis.bat zie ik 1 seconde het schermpje en springt hij weer weg. ik kan hier dus niet Y invullen

      wat nu?

      Comment


      • #4
        Hmm,

        Ik ga eens vragen hoe dat komt.

        Probeer deze eens.

        Download Malwarebytes' Anti-Malware op je bureaublad.
        Dubbelklik mbam-setup.exe en kies voor "Next" om de tool te installeren.
        Als de installatie voltooid is zet je vinkjes bij "Update MalwareBytes' Anti-Malware" en bij "Launch MalwareBytes' Anti-Malware".
        Druk daarna op "Finish".
        Kies in het hoofdscherm voor de tab "Scanner" en selecteer het keuzerondje "Perform full scan".
        Druk op de knop "Scan" en zorg dat al je harde schijven/partities aangevinkt staan.
        Druk dan op de knop "Start Scan".
        Wanneer de scan voltooid is klik je op OK, daarna op "Show Results" om de resultaten te zien.
        Zorg ervoor dat alles aangevinkt is, klik daarna op "Remove Selected".
        Als het programma je computer wil laten herstarten, sta je dit toe.
        Daarna opent een logje(mbam-log-XX-XX-XXXX(xx-xx-xx).txt)
        Post deze log in je volgende bericht.

        Windows 10 opstarten in Veilige Modus

        Comment


        • #5
          oke dit werkte wel hier het logje dat ik kreeg toen hij klaar was met scannen

          wat nu verder?

          Malwarebytes' Anti-Malware 1.11
          Database versie: 599

          Scan type: Volledige Scan (C:\|D:\|E:\|)
          Objecten gescand: 140937
          Verstreken tijd: 1 hour(s), 8 minute(s), 13 second(s)

          Geheugenprocessen geïnfecteerd: 0
          Geheugenmodulen geïnfecteerd: 0
          Registersleutels geïnfecteerd: 10
          Registerwaarden geïnfecteerd: 0
          Registerdata bestanden geïnfecteerd: 0
          Mappen geïnfecteerd: 0
          Bestanden geïnfecteerd: 0

          Geheugenprocessen geïnfecteerd:
          (Geen kwaadaardige items gevonden)

          Geheugenmodulen geïnfecteerd:
          (Geen kwaadaardige items gevonden)

          Registersleutels geïnfecteerd:
          HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\dsaip32b.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\CLSID\{3084a75f-5350-4d8b-bc5f-6b378035c133} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\AppID\{3084a75f-5350-4d8b-bc5f-6b378035c133} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3084a75f-5350-4d8b-bc5f-6b378035c133} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\dsaip32b.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dsaip32b.Video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\FilesSecure (Rogue.Files-Secure) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Files Secure (Rogue.Files-Secure) -> Quarantined and deleted successfully.

          Registerwaarden geïnfecteerd:
          (Geen kwaadaardige items gevonden)

          Registerdata bestanden geïnfecteerd:
          (Geen kwaadaardige items gevonden)

          Mappen geïnfecteerd:
          (Geen kwaadaardige items gevonden)

          Bestanden geïnfecteerd:
          (Geen kwaadaardige items gevonden)

          Comment


          • #6
            ik denk dat het er nu af is. Spyware docter geeft geen bericht meer dat het er nog zit

            moet ik nog een hijackthislog geven?

            hoe weet ik nou zeker dat het niet meer terug komt? want is het er nu volledig af?

            Comment


            • #7
              ja aub een nieuw HJT logje en dan zal ik eens kijken of ik nog wat zie.

              Windows 10 opstarten in Veilige Modus

              Comment


              • #8
                hier een nieuw Hijackthislogje

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 9:54:11, on 8-4-2008
                Platform: Windows Vista (WinNT 6.00.1904)
                MSIE: Internet Explorer v7.00 (7.00.6000.16609)
                Boot mode: Normal

                Running processes:
                C:\Windows\System32\smss.exe
                C:\Windows\system32\csrss.exe
                C:\Windows\system32\wininit.exe
                C:\Windows\system32\csrss.exe
                C:\Windows\system32\winlogon.exe
                C:\Windows\system32\services.exe
                C:\Windows\system32\lsass.exe
                C:\Windows\system32\lsm.exe
                C:\Windows\system32\svchost.exe
                C:\Windows\system32\svchost.exe
                C:\Windows\System32\svchost.exe
                C:\Windows\System32\svchost.exe
                C:\Windows\System32\svchost.exe
                C:\Windows\system32\svchost.exe
                C:\Windows\system32\SLsvc.exe
                C:\Windows\system32\svchost.exe
                C:\Windows\system32\svchost.exe
                c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                C:\Windows\system32\Dwm.exe
                C:\Windows\Explorer.EXE
                C:\Windows\System32\spoolsv.exe
                C:\Windows\system32\svchost.exe
                C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                C:\Windows\system32\svchost.exe
                C:\Program Files\Spyware Doctor\pctsAuxs.exe
                C:\Program Files\Spyware Doctor\pctsSvc.exe
                C:\Windows\system32\svchost.exe
                C:\Windows\System32\svchost.exe
                C:\Program Files\Spyware Doctor\pctsTray.exe
                C:\Windows\system32\SearchIndexer.exe
                C:\Windows\system32\DRIVERS\xaudio.exe
                C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
                C:\Program Files\Windows Defender\MSASCui.exe
                C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                C:\Windows\System32\hkcmd.exe
                C:\Windows\System32\igfxpers.exe
                C:\Program Files\HP\QuickPlay\QPService.exe
                C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
                C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
                C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
                C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
                C:\Program Files\Java\jre1.6.0\bin\jusched.exe
                C:\Program Files\Common Files\Ulead Systems\Autodetector\Monitor.exe
                C:\Program Files\QuickTime\qttask.exe
                C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
                C:\Program Files\SPYWAREfighter\spftray.exe
                C:\Program Files\Windows Sidebar\sidebar.exe
                C:\Program Files\Windows Media Player\wmpnscfg.exe
                C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                C:\Windows\system32\wbem\wmiprvse.exe
                C:\Program Files\Windows Media Player\wmpnetwk.exe
                C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
                C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
                C:\Program Files\SPYWAREfighter\spfprc.exe
                C:\Windows\system32\wbem\wmiprvse.exe
                C:\Program Files\Internet Explorer\ieuser.exe
                C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
                C:\Program Files\Internet Explorer\iexplore.exe
                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=PRESARIO&pf=laptop
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=PRESARIO&pf=laptop
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                O1 - Hosts: ::1 localhost
                O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
                O2 - BHO: Media Player Codec - {3084A75F-5350-4D8B-BC5F-6B378035C133} - C:\Windows\dsaip32b.dll (file missing)
                O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
                O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
                O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
                O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
                O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
                O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
                O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
                O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
                O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
                O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
                O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
                O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
                O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
                O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
                O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
                O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
                O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
                O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
                O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
                O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                O4 - Global Startup: w98Eject.lnk = ?
                O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
                O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                O13 - Gopher Prefix:
                O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldnl-nl.cab
                O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
                O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
                O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
                O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
                O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
                O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
                O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
                O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
                O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
                O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
                O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
                O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
                O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

                --
                End of file - 12910 bytes

                Comment


                • #9
                  Hallo,

                  Schakel tijdelijk Windows Defender uit
                  Want deze kan voor stoorzender spelen bij het fixen met HJT (de fix terug ongedaan maken)
                  * Open Windows Defender > Klik Tools
                  * Klik "General Settings" of Options
                  * Scroll naar "Real Time Protection Options"
                  * Haal het vinkje weg bij "Turn on Real Time Protection (recommended)" > Klik "Save"
                  * Sluit Windows Defender
                  (als de problemen over zijn, logje weer schoon verklaard is, kan je 'm weer aanzetten)



                  Schakel Spybot's TeaTimer even uit, omdat deze de fix in de weg kan zitten:
                  - Start Spybot
                  - Ga naar Mode > selecteer Advanced Mode
                  - Ga naar Tools en klik op het Resident-icoon in de lijst
                  - Haal het vinkje weg bij Resident TeaTimer en klik OK
                  - Herstart de computer

                  Download vervolgens ResetTeaTimer.bat naar je Bureaublad.
                  Dubbelklik op ResetTeaTimer.bat om alle entries in TeaTimer te verwijderen.
                  Als de computer schoon is, kun je TeaTimer weer aan zetten



                  Klik met de rechtermuis op het programma Hijackthis en kies voor "Uitvoeren als Administrator"
                  Kies voor 'Do a system scan only'
                  Selecteer alleen de items die hieronder zijn genoemd:

                  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                  O2 - BHO: Media Player Codec - {3084A75F-5350-4D8B-BC5F-6B378035C133} - C:\Windows\dsaip32b.dll (file missing)


                  Sluit alle vensters behalve Hijackthis
                  Klik op 'Fix checked' om de items te verwijderen.

                  Download Java Runtime Environment (JRE) 6u5.
                  • Scroll omlaag naar : "Java Runtime Environment (JRE) 6 Update 5".
                  • Klik op de "Download" knop aan de rechterkant.
                  • Vink aan: "Accept License Agreement", en klik op Continue.
                  • De pagina zal herladen.
                  • Klik op de Windows Offline Installation, Multi-language link ONDER Windows Platform - Java SE Runtime Environment 6 Update 5 en bewaar het op je Bureaublad.
                  • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
                  • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst. (met Java Runtime Environment (JRE of J2SE) in de naam.
                  • Herhaal dit tot alle oudere versies verdwenen zijn.
                  • Na het verwijderen van alle oudere versies, herstart je pc.
                  • Dubbelklik vervolgens op jre-6u5-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.


                  Plaats even een nieuw HJT logje en vertel gelijk even hoe het gaat.

                  Windows 10 opstarten in Veilige Modus

                  Comment


                  • #10
                    ik heb alles uitgevoerd maar ik loop vast bij het verwijderen van de oude java gegevens, ik heb namelijk gezocht op mijn pc en ik kan geen map met software vinden op het configuratiescherm!

                    in die lijst op het configuratiemap staat wel java maar ik weet verder niet zo goed wat ik nou hiermee moet doen!

                    Comment


                    • #11
                      Doe het maar zo goed je kan.

                      Windows 10 opstarten in Veilige Modus

                      Comment


                      • #12
                        ik krijg het echt niet voor elkaar om de jre files van java eraf te gooien! hij zegt steeds dat ik hier geen toegang voor heb en dat ik het maar opnieuw moet proberen! het gaat hier om de bin-map die hij niet wil verwijderen!

                        wat nu?

                        Comment


                        • #13
                          Je hebt de nieuwe java er wel op staan nu, als je dan verder geen last hebt kan je die ene wel laten staan.

                          Download ATF cleaner (gemaakt door Atribune)
                          Dubbelklik op ATF cleaner om het programma te starten.
                          Op het tabblad "Main", plaats je een vinkje bij Select All.
                          Klik op de knop Empty Selected.

                          Het volgende doen als je ook FireFox als browser hebt:
                          Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                          Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                          (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                          Klik op de knop Empty Selected.

                          Het volgende doen als je ook Opera als browser hebt:
                          Klik op tabblad "Opera", plaats een vinkje bij Select All.
                          Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                          Klik op de knop Empty Selected.
                          Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.


                          Hoe staat het met je problemen ??

                          Windows 10 opstarten in Veilige Modus

                          Comment


                          • #14
                            ik heb nu nergens meer last van, geen meldingen en mijn laptop is ook weer een stuk sneller geworden

                            hier nog een HijackThis logje

                            Logfile of Trend Micro HijackThis v2.0.2
                            Scan saved at 9:54:11, on 8-4-2008
                            Platform: Windows Vista (WinNT 6.00.1904)
                            MSIE: Internet Explorer v7.00 (7.00.6000.16609)
                            Boot mode: Normal

                            Running processes:
                            C:\Windows\System32\smss.exe
                            C:\Windows\system32\csrss.exe
                            C:\Windows\system32\wininit.exe
                            C:\Windows\system32\csrss.exe
                            C:\Windows\system32\winlogon.exe
                            C:\Windows\system32\services.exe
                            C:\Windows\system32\lsass.exe
                            C:\Windows\system32\lsm.exe
                            C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe
                            C:\Windows\System32\svchost.exe
                            C:\Windows\System32\svchost.exe
                            C:\Windows\System32\svchost.exe
                            C:\Windows\system32\svchost.exe
                            C:\Windows\system32\SLsvc.exe
                            C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe
                            c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                            c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                            C:\Windows\system32\Dwm.exe
                            C:\Windows\Explorer.EXE
                            C:\Windows\System32\spoolsv.exe
                            C:\Windows\system32\svchost.exe
                            C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                            C:\Windows\system32\svchost.exe
                            C:\Program Files\Spyware Doctor\pctsAuxs.exe
                            C:\Program Files\Spyware Doctor\pctsSvc.exe
                            C:\Windows\system32\svchost.exe
                            C:\Windows\System32\svchost.exe
                            C:\Program Files\Spyware Doctor\pctsTray.exe
                            C:\Windows\system32\SearchIndexer.exe
                            C:\Windows\system32\DRIVERS\xaudio.exe
                            C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                            C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
                            C:\Program Files\Windows Defender\MSASCui.exe
                            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                            C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                            C:\Windows\System32\hkcmd.exe
                            C:\Windows\System32\igfxpers.exe
                            C:\Program Files\HP\QuickPlay\QPService.exe
                            C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
                            C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
                            C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
                            C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
                            C:\Program Files\Java\jre1.6.0\bin\jusched.exe
                            C:\Program Files\Common Files\Ulead Systems\Autodetector\Monitor.exe
                            C:\Program Files\QuickTime\qttask.exe
                            C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                            C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
                            C:\Program Files\SPYWAREfighter\spftray.exe
                            C:\Program Files\Windows Sidebar\sidebar.exe
                            C:\Program Files\Windows Media Player\wmpnscfg.exe
                            C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                            C:\Windows\system32\wbem\wmiprvse.exe
                            C:\Program Files\Windows Media Player\wmpnetwk.exe
                            C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
                            C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
                            C:\Program Files\SPYWAREfighter\spfprc.exe
                            C:\Windows\system32\wbem\wmiprvse.exe
                            C:\Program Files\Internet Explorer\ieuser.exe
                            C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                            C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
                            C:\Program Files\Internet Explorer\iexplore.exe
                            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=PRESARIO&pf=laptop
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=PRESARIO&pf=laptop
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                            O1 - Hosts: ::1 localhost
                            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                            O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
                            O2 - BHO: Media Player Codec - {3084A75F-5350-4D8B-BC5F-6B378035C133} - C:\Windows\dsaip32b.dll (file missing)
                            O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
                            O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
                            O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
                            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                            O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                            O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                            O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                            O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
                            O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
                            O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
                            O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
                            O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
                            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
                            O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
                            O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
                            O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
                            O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
                            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
                            O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
                            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                            O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                            O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
                            O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
                            O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
                            O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
                            O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
                            O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                            O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
                            O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                            O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                            O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                            O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                            O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                            O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                            O4 - Global Startup: w98Eject.lnk = ?
                            O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
                            O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                            O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                            O13 - Gopher Prefix:
                            O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldnl-nl.cab
                            O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
                            O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
                            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                            O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
                            O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                            O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                            O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                            O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
                            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                            O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
                            O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                            O23 - Service: Wachtwoordvalidatie voor Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
                            O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                            O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                            O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                            O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                            O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
                            O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
                            O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
                            O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
                            O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
                            O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
                            O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                            O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
                            O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

                            --
                            End of file - 12910 bytes

                            Comment


                            • #15
                              Klik met de rechtermuis op het programma Hijackthis en kies voor "Uitvoeren als Administrator"
                              Kies voor 'Do a system scan only'
                              Selecteer alleen de items die hieronder zijn genoemd:

                              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                              O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                              O2 - BHO: Media Player Codec - {3084A75F-5350-4D8B-BC5F-6B378035C133} - C:\Windows\dsaip32b.dll (file missing)

                              Sluit alle vensters behalve Hijackthis
                              Klik op 'Fix checked' om de items te verwijderen.


                              als je verder geen problemen hebt is het plaatsen van een nieuw HJT logje niet nodig.

                              Windows 10 opstarten in Veilige Modus

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X