Bram's log

  • Bram's log

    Hi, could you guys quickly check my log? Thanks in advance =)

    Logfile of HijackThis v1.98.2
    Scan saved at 11:26:42, on 12-11-2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\HJT\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Aangeboden door Bwammie
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O1 - Hosts: 169.254.88.43 NPID131C8
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
    O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ZDConfig] "C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.EXE"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Use as &Display Picture - C:\Program Files\IEDP2\IEDP.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Browser Spy Source View - {3FE18ADB-116B-4327-8FB8-F125B4CC2F51} - C:\Program Files\ChironexSoftware\BrowserSpy\BrowserSpy.dll (file missing)
    O9 - Extra 'Tools' menuitem: Browser Spy Source View - {3FE18ADB-116B-4327-8FB8-F125B4CC2F51} - C:\Program Files\ChironexSoftware\BrowserSpy\BrowserSpy.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Browser Spy Inspector - {F3494B2D-DCD1-4CC5-A688-D8D49CAB3180} - C:\Program Files\ChironexSoftware\BrowserSpy\BrowserSpy.dll (file missing)
    O9 - Extra 'Tools' menuitem: Browser Spy Inspector - {F3494B2D-DCD1-4CC5-A688-D8D49CAB3180} - C:\Program Files\ChironexSoftware\BrowserSpy\BrowserSpy.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1016_EN_XP.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1045_pack_XP.cab
    O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.1mal1.com/flatcast/NpFv412.dll
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
    O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab
    O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup151.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    Last edited by Bwammie; 12-11-04, 10:26.
    www.bwammie.nl - www.keeponhosting.nl

  • #2
    Hi Bwammie,

    It's handy to save this page in your favorites so you can find it more easily when you come back.

    Start HijackThis, click "Scan" and check the following items.

    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com

    O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll

    You have PowerReg Scheduler in your log. This is a program that reminds you about registrations for various companies. It isn't needed for your computer to work, and some think it reports to the company about your computer. I would fix it...

    O4 - Startup: PowerReg Scheduler.exe

    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binarie...1016_EN_XP.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
    O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binarie...45_pack_XP.cab
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binarie...hv32_EN_XP.cab
    O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binarie...ce_5_EN_XP.cab


    Close all programs, including browsers, except HijackThis. Click "Fix checked".

    Start your computer in safe mode. How do I start my computer in safe mode?

    Make sure you can see hidden files. How do I show hidden files?

    Delete the following files in red (they may already have been deleted):

    C:\WINDOWS\System32\kdpupd.dll

    Restart the computer and post a new log in this thread.



    • #3
      I couldn't find C:\WINDOWS\System32\kdpupd.dll, but I did the rest...

      Logfile of HijackThis v1.98.2
      Scan saved at 10:57:26, on 13-11-2003
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Stardock\SDMCP.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
      C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
      C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Messenger Plus! 3\MsgPlus.exe
      C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.EXE
      C:\Program Files\IMT Labs Messenger Plugin\Cloud.exe
      C:\WINDOWS\NCLAUNCH.EXe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\United Devices\UD.EXE
      C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
      C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
      C:\Program Files\United Devices\ud_7174683.exe
      C:\Program Files\United Devices\ud_7174683_0.dir\ud_ligfit_Release.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe
      C:\DOCUME~1\BRAMKR~1\LOCALS~1\Temp\~e5d141.tmp
      C:\DOCUME~1\BRAMKR~1\LOCALS~1\Temp\~e5d141.tmp
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\HJT\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Aangeboden door Bwammie
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O1 - Hosts: 169.254.88.43 NPID131C8
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
      O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
      O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
      O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
      O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
      O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [ZDConfig] "C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.EXE"
      O4 - HKLM\..\Run: [CloudPlugin] "C:\Program Files\IMT Labs Messenger Plugin\Cloud.exe"
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
      O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
      O8 - Extra context menu item: Use as &Display Picture - C:\Program Files\IEDP2\IEDP.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
      O9 - Extra button: Browser Spy Source View - {3FE18ADB-116B-4327-8FB8-F125B4CC2F51} - C:\Program Files\ChironexSoftware\BrowserSpy\BrowserSpy.dll (file missing)
      O9 - Extra 'Tools' menuitem: Browser Spy Source View - {3FE18ADB-116B-4327-8FB8-F125B4CC2F51} - C:\Program Files\ChironexSoftware\BrowserSpy\BrowserSpy.dll (file missing)
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Browser Spy Inspector - {F3494B2D-DCD1-4CC5-A688-D8D49CAB3180} - C:\Program Files\ChironexSoftware\BrowserSpy\BrowserSpy.dll (file missing)
      O9 - Extra 'Tools' menuitem: Browser Spy Inspector - {F3494B2D-DCD1-4CC5-A688-D8D49CAB3180} - C:\Program Files\ChironexSoftware\BrowserSpy\BrowserSpy.dll (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
      O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.1mal1.com/flatcast/NpFv412.dll
      O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
      O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup151.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
      O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
      www.bwammie.nl - www.keeponhosting.nl
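
Added example, not part of the original posts: a Python sketch that compares the first and second HijackThis log and reports whether the items the helper asked to fix are gone and which items are new. The sample lines are excerpted from the logs in this thread and the function names are illustrative; items are matched on their CLSID where one exists, because the forum shortens long URLs in quoted lines.

```python
import re

# A HijackThis item line is "<section> - <text>", e.g. "O4 - HKLM\..\Run: [...] ...".
ITEM_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def item_key(section, text):
    """Stable identity for one log item.

    Quoted O16 lines in a reply have their URL shortened with "...", so they
    never equal the line in the log. When the item carries a CLSID, identify it
    by section + CLSID; otherwise by case-folded, whitespace-collapsed text.
    """
    clsid = CLSID_RE.search(text)
    if clsid:
        return (section, clsid.group(0).upper())
    return (section, " ".join(text.split()).casefold())


def parse_items(log_text):
    """Map item key -> stripped line for every item line in a log.

    Header and running-process lines do not match ITEM_RE and are skipped.
    """
    items = {}
    for line in log_text.splitlines():
        m = ITEM_RE.match(line)
        if m:
            items[item_key(m.group(1), m.group(2))] = line.strip()
    return items


def check_fix(before_log, after_log, to_fix):
    """Return {line: status} for each line that was marked for fixing.

    status is "removed", "still present" or "not in first log".
    """
    before, after = parse_items(before_log), parse_items(after_log)
    report = {}
    for key, line in parse_items(to_fix).items():
        if key in after:
            report[line] = "still present"
        elif key in before:
            report[line] = "removed"
        else:
            report[line] = "not in first log"
    return report


def new_items(before_log, after_log):
    """Item lines that appear only in the second log."""
    before, after = parse_items(before_log), parse_items(after_log)
    return sorted(line for key, line in after.items() if key not in before)


# Excerpt of the first log in this thread (not the full log).
BEFORE = r"""
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O1 - Hosts: 169.254.88.43 NPID131C8
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1016_EN_XP.cab
"""

# Excerpt of the second log in this thread (not the full log).
AFTER = r"""
O1 - Hosts: 169.254.88.43 NPID131C8
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CloudPlugin] "C:\Program Files\IMT Labs Messenger Plugin\Cloud.exe"
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
"""

# Lines marked for fixing in reply #2, as displayed there (note the shortened URL).
TO_FIX = r"""
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binarie...1016_EN_XP.cab
"""

if __name__ == "__main__":
    for line, status in check_fix(BEFORE, AFTER, TO_FIX).items():
        print(f"{status:16} {line}")
    for line in new_items(BEFORE, AFTER):
        print(f"{'new':16} {line}")
```

Paste the complete first and second log in place of the excerpts to check every item; anything reported as new was added between the two scans and deserves the same review as the original entries.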



      • #4
        Hi Bwammie,

        I couldn't find C:\WINDOWS\System32\kdpupd.dll, but I did the rest...
        Oh...

        Then we'll try it this way. Start Notepad, copy and paste the text in the box into a new text file. Save it as Verwijder.bat on your Desktop.

        Code:
        del c:\Windows\System32\kdpupd.dll
        Find Verwijder.bat on your Desktop and double-click it.

        Open the Control Panel, then "Add or Remove Programs" and "Change or Remove Programs". Select the following items and click "Remove" for each of them:
        • BrowserSpy


        Start HijackThis, click "Scan" and check the following items.

        O9 - Extra button: Browser Spy Source View - {3FE18ADB-116B-4327-8FB8-F125B4CC2F51} - C:\Program Files\ChironexSoftware\BrowserSpy\BrowserSpy.dll (file missing)
        O9 - Extra 'Tools' menuitem: Browser Spy Source View - {3FE18ADB-116B-4327-8FB8-F125B4CC2F51} - C:\Program Files\ChironexSoftware\BrowserSpy\BrowserSpy.dll (file missing)
        O9 - Extra button: Browser Spy Inspector - {F3494B2D-DCD1-4CC5-A688-D8D49CAB3180} - C:\Program Files\ChironexSoftware\BrowserSpy\BrowserSpy.dll (file missing)
        O9 - Extra 'Tools' menuitem: Browser Spy Inspector - {F3494B2D-DCD1-4CC5-A688-D8D49CAB3180} - C:\Program Files\ChironexSoftware\BrowserSpy\BrowserSpy.dll (file missing)


        Close all programs, including browsers, except HijackThis. Click "Fix checked".

        Start your computer in safe mode. How do I start my computer in safe mode?

        Make sure you can see hidden files. How do I show hidden files?

        Folders and files with a tilde (~) mean that there is a folder/file that starts with the 6 letters before the tilde; keep in mind that there may be spaces in it. If there is more than one, post what was found. Do not delete!

        Delete the following files in red (they may already have been deleted):

        All files in C:\Documents And Settings\BRAMKR~1\Local Settings\Temp

        Delete the following folders in red (they may already have been deleted):

        C:\Program Files\ChironexSoftware

        Restart the computer and post a new log in this thread.



        • #5
          O9 - Extra button: Browser Spy Source View - {3FE18ADB-116B-4327-8FB8-F125B4CC2F51} - C:\Program Files\ChironexSoftware\BrowserSpy\BrowserSpy.dll (file missing)
          O9 - Extra 'Tools' menuitem: Browser Spy Source View - {3FE18ADB-116B-4327-8FB8-F125B4CC2F51} - C:\Program Files\ChironexSoftware\BrowserSpy\BrowserSpy.dll (file missing)
          O9 - Extra button: Browser Spy Inspector - {F3494B2D-DCD1-4CC5-A688-D8D49CAB3180} - C:\Program Files\ChironexSoftware\BrowserSpy\BrowserSpy.dll (file missing)
          O9 - Extra 'Tools' menuitem: Browser Spy Inspector - {F3494B2D-DCD1-4CC5-A688-D8D49CAB3180} - C:\Program Files\ChironexSoftware\BrowserSpy\BrowserSpy.dll (file missing)
          were gone after uninstalling browserspy...

          Logfile of HijackThis v1.98.2
          Scan saved at 11:42:37, on 13-11-2003
          Platform: Windows XP (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 (6.00.2600.0000)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\System32\Ati2evxx.exe
          C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
          C:\Program Files\Common Files\Stardock\SDMCP.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
          C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
          C:\WINDOWS\System32\snmp.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
          C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          C:\Program Files\Messenger Plus! 3\MsgPlus.exe
          C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
          C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.EXE
          C:\Program Files\IMT Labs Messenger Plugin\Cloud.exe
          C:\WINDOWS\NCLAUNCH.EXe
          C:\WINDOWS\System32\ctfmon.exe
          C:\Program Files\Skype\Phone\Skype.exe
          C:\Program Files\United Devices\UD.EXE
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\Program Files\HJT\HijackThis.exe
          C:\WINDOWS\System32\wuauclt.exe
          C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
          C:\Program Files\United Devices\ud_7174683.exe
          C:\Program Files\United Devices\ud_7174683_0.dir\ud_ligfit_Release.exe
          C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\WINDOWS\System32\wuauclt.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Aangeboden door Bwammie
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O1 - Hosts: 169.254.88.43 NPID131C8
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
          O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
          O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
          O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
          O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
          O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
          O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
          O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
          O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
          O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [ZDConfig] "C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.EXE"
          O4 - HKLM\..\Run: [CloudPlugin] "C:\Program Files\IMT Labs Messenger Plugin\Cloud.exe"
          O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
          O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
          O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
          O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
          O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
          O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
          O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
          O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
          O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
          O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
          O8 - Extra context menu item: Use as &Display Picture - C:\Program Files\IEDP2\IEDP.htm
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
          O9 - Extra button: (no name) - {3FE18ADB-116B-4327-8FB8-F125B4CC2F51} - (no file)
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: (no name) - {F3494B2D-DCD1-4CC5-A688-D8D49CAB3180} - (no file)
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
          O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
          O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.1mal1.com/flatcast/NpFv412.dll
          O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
          O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup151.cab
          O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
          O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
          www.bwammie.nl - www.keeponhosting.nl



          • #6
            Hi Bwammie,

            This log is clean!

            Now is the time to set up protection against future attacks. Read the article behind this link
            "How did I get infected" (in English). If you don't already have them, you need an up-to-date antivirus, a good firewall, for example Kerio Personal Firewall or ZoneLabs Zone Alarm, a spyware blocker such as SpywareBlaster and also IE-Spyads, and spyware detection (Ad-aware SE and SpyBot S+D). These all have good free versions available... be wary of security software that advertises in pop-ups or in other intrusive ways. These are usually not only bad, they often contain other junk as well...

            Instead of Internet Explorer, use another browser such as Opera, Mozilla or Firefox.

            And last but certainly not least, keep Windows and Internet Explorer up to date with the latest security patches that can protect your computer.

            You can do this by going to http://windowsupdate.microsoft.com/ and following the instructions. If you are running Windows XP, make sure you update to SP-2! <---- Very important... You are not even on SP-1!

            Post back if there are still problems.
