Mededeling

Collapse
No announcement yet.

pc besmet

Collapse
X
Collapse
  •  
  • Page of 1
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    pc besmet

    Hallo,

    Ik weet dat mijn pc besmet is met PurityScan.W en heb al van alles geprobeerd (ad-aware spybot search & destroy trendmicro-online )maar veelal loopt de pc vast in deze programmas en moet ik heropstarten,misschien kan er via hijack iets gefixt worden.

    Alvast bedankt ,groetjes

    Martien
    Labels: Geen
      • Citaat
    • #2
      Ga naar http://www.nucia.eu

      Klik op HijackThis en maak, en post een logje zoals daar beschreven is.

      als je er niet uitkomt moet je het maar even laten weten

      Probeer ook deze online virusscan eens: http://www.pandasoftware.com/actives...f=EN-PR-AS-107


      Het rapaille dat per Przewalskipaard arriveerde bij het feeëriek gesitueerde etablissement - komma -

      "Verwar de waarheid niet met de mening van de meerderheid"
        • Citaat

        Comment

        • #3
          hallo,

          hier is de log panda scan wil ook niet lukken.

          Logfile of HijackThis v1.98.2
          Scan saved at 15:34:50, on 17/11/04
          Platform: Windows 98 SE (Win9x 4.10.2222A)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

          Running processes:
          C:\WINDOWS\SYSTEM\KERNEL32.DLL
          C:\WINDOWS\SYSTEM\MSGSRV32.EXE
          C:\WINDOWS\SYSTEM\MPREXE.EXE
          C:\WINDOWS\SYSTEM\mmtask.tsk
          C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
          C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
          C:\PROGRAM FILES\ESET\NOD32KRN.EXE
          C:\WINDOWS\EXPLORER.EXE
          C:\WINDOWS\SYSTEM\SYSTRAY.EXE
          C:\WINDOWS\SYSTEM\TRIDTRAY.EXE
          C:\WINDOWS\LOADQM.EXE
          C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE
          C:\WINDOWS\SYSTEM\STIMON.EXE
          D:\PROGRAM FILES\HP SHARE-TO-WEB\HPGS2WND.EXE
          C:\PROGRAM FILES\TELENET EASYCARE\SMARTBRIDGE\MOTIVESB.EXE
          C:\WINDOWS\SYSTEM\MSTASK.EXE
          C:\PROGRAM FILES\ESET\NOD32KUI.EXE
          C:\PROGRAM FILES\MEAYA\POPUP AD FILTER\POPFILTER.EXE
          C:\PROGRAM FILES\SIMPLE STAR\PHOTOSHOW DELUXE\DATA\XTRAS\MSSYSMGR.EXE
          C:\WINDOWS\APPLICATION DATA\BDEI.EXE
          C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
          D:\PROGRAM FILES\HP SHARE-TO-WEB\HPGS2WNF.EXE
          C:\WINDOWS\SYSTEM\WMIEXE.EXE
          C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
          C:\PROGRAM FILES\TELENET EASYCARE\BIN\MPBTN.EXE
          C:\WINDOWS\SYSTEM\DDHELP.EXE
          C:\WINDOWS\SYSTEM\TAPISRV.EXE
          C:\PROGRAM FILES\INCREDIMAIL\BIN\IMNOTFY.EXE
          C:\PROGRAM FILES\INCREDIBAR\BIN\IBMAIN.EXE
          C:\WINDOWS\DESKTOP\ONDERHOUD\HIJACK THIS\NEW\HIJACKTHIS.EXE
          C:\PROGRAM FILES\INCREDIMAIL\BIN\IMNOTFY.EXE

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be/
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_19_0.DLL
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
          O2 - BHO: IBBHO Class - {12BA043E-293E-4CE4-A8C7-8460934FE801} - C:\PROGRAM FILES\INCREDIBAR\BIN\IBBHO.DLL
          O3 - Toolbar: IncrediBar - {D8073790-84C7-4602-BF77-C6ACBF1612E4} - C:\PROGRAM FILES\INCREDIBAR\BIN\IBTOOLBAR.DLL
          O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
          O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_19_0.DLL
          O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
          O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
          O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
          O4 - HKLM\..\Run: [TridTray] C:\WINDOWS\SYSTEM\tridtray.exe
          O4 - HKLM\..\Run: [LoadQM] loadqm.exe
          O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
          O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
          O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
          O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
          O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\HP Share-to-Web\hpgs2wnd.exe
          O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
          O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
          O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
          O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
          O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
          O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
          O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Eset\nod32krn.exe"
          O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
          O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
          O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\DATA\XTRAS\MSSYSMGR.EXE
          O4 - HKCU\..\Run: [Asat] C:\WINDOWS\Application Data\bdei.exe
          O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
          O4 - Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
          O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
          O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
          O9 - Extra button: (no name) - {F756A28D-DCD5-46be-BCAB-17C088D07227} - (no file)
          O9 - Extra button: IncrediBar - {023FA804-DCE1-4817-94ED-6BA4200F9AF2} - C:\PROGRAM FILES\INCREDIBAR\BIN\IBTOOLBAR.DLL
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
          O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
          O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
          O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
          O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
          O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
          O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
          O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
          O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
          O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
          O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
          O16 - DPF: ChatSpace Full Java Client 2.1.0.89 - http://213.133.40.8:8000/Java/cs4fs089.cab
          O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} - http://www.ravantivirus.com/scan/ravonline.cab
          O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
          O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
          O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
          O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
          O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp04.photoprintit.de/microsite/1287/defaults/activex/XUpload.ocx
          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
          O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
          O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
          O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoftware.com/activescan/as5/asinst.cab
          O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab
          O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
          O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
          O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
            • Citaat

            Comment

            • #4
              Hi martien54,

              Start HijackThis, klik op "Scan" and kruis de volgende onderdelen aan.

              O4 - HKCU\..\Run: [Asat] C:\WINDOWS\Application Data\bdei.exe

              Sluit alle programma's, inclusief browsers, behalve HijackThis. Klik op "Fix checked".

              Start je computer in beveiligde modus. Hoe start ik mijn computer in veilige modus?

              Zorg dat je verborgen bestanden kan zien. Hoe toon ik verborgen bestanden?

              Verwijder de volgende bestanden in rood (het kan zijn dat ze al verwijderd zijn):

              C:\WINDOWS\Application Data\bdei.exe

              Herstart de computer en post een nieuwe log in deze thread.

              Waar zou PurityScan moeten zijn?
                • Citaat

                Comment

                • #5
                  hallo,

                  Hier is mijn nieuwe log
                  purityscan.w zou een trojaans paard moeten zijn want via een onlinescan(weet niet meer welke)kreeg ik de melding bde.exe besmet met trojan purityscan.w maar kon niets verwijderen ,verder gekeken op het net maar vond alleen maar engelse uitleg en begrijp dit niet goed genoeg
                  http://www.google.be/search?hl=nl&q=purityscan.w&meta=

                  bedankt en groetjes
                  Martien

                  Logfile of HijackThis v1.98.2
                  Scan saved at 13:14:38, on 18/11/04
                  Platform: Windows 98 SE (Win9x 4.10.2222A)
                  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                  Running processes:
                  C:\WINDOWS\SYSTEM\KERNEL32.DLL
                  C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                  C:\WINDOWS\SYSTEM\MPREXE.EXE
                  C:\WINDOWS\SYSTEM\mmtask.tsk
                  C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
                  C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
                  C:\PROGRAM FILES\ESET\NOD32KRN.EXE
                  C:\WINDOWS\EXPLORER.EXE
                  C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                  C:\WINDOWS\SYSTEM\TRIDTRAY.EXE
                  C:\WINDOWS\LOADQM.EXE
                  C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE
                  C:\WINDOWS\SYSTEM\STIMON.EXE
                  D:\PROGRAM FILES\HP SHARE-TO-WEB\HPGS2WND.EXE
                  C:\PROGRAM FILES\ESET\NOD32KUI.EXE
                  C:\WINDOWS\SYSTEM\QTTASK.EXE
                  C:\PROGRAM FILES\MEAYA\POPUP AD FILTER\POPFILTER.EXE
                  C:\WINDOWS\SYSTEM\MSTASK.EXE
                  C:\PROGRAM FILES\SIMPLE STAR\PHOTOSHOW DELUXE\DATA\XTRAS\MSSYSMGR.EXE
                  C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
                  D:\PROGRAM FILES\HP SHARE-TO-WEB\HPGS2WNF.EXE
                  C:\WINDOWS\SYSTEM\WMIEXE.EXE
                  C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
                  C:\PROGRAM FILES\TELENET EASYCARE\BIN\MPBTN.EXE
                  C:\PROGRAM FILES\TELENET EASYCARE\SMARTBRIDGE\MOTIVESB.EXE
                  C:\PROGRAM FILES\INCREDIBAR\BIN\IBMAIN.EXE
                  C:\WINDOWS\SYSTEM\RNAAPP.EXE
                  C:\WINDOWS\SYSTEM\TAPISRV.EXE
                  C:\WINDOWS\DESKTOP\ONDERHOUD\HIJACK THIS\NEW\HIJACKTHIS.EXE

                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be/
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_19_0.DLL
                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
                  O2 - BHO: IBBHO Class - {12BA043E-293E-4CE4-A8C7-8460934FE801} - C:\PROGRAM FILES\INCREDIBAR\BIN\IBBHO.DLL
                  O3 - Toolbar: IncrediBar - {D8073790-84C7-4602-BF77-C6ACBF1612E4} - C:\PROGRAM FILES\INCREDIBAR\BIN\IBTOOLBAR.DLL
                  O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
                  O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_19_0.DLL
                  O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                  O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                  O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                  O4 - HKLM\..\Run: [TridTray] C:\WINDOWS\SYSTEM\tridtray.exe
                  O4 - HKLM\..\Run: [LoadQM] loadqm.exe
                  O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
                  O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
                  O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
                  O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
                  O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\HP Share-to-Web\hpgs2wnd.exe
                  O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
                  O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
                  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
                  O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                  O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
                  O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
                  O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Eset\nod32krn.exe"
                  O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
                  O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
                  O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\DATA\XTRAS\MSSYSMGR.EXE
                  O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
                  O4 - Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
                  O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
                  O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
                  O9 - Extra button: (no name) - {F756A28D-DCD5-46be-BCAB-17C088D07227} - (no file)
                  O9 - Extra button: IncrediBar - {023FA804-DCE1-4817-94ED-6BA4200F9AF2} - C:\PROGRAM FILES\INCREDIBAR\BIN\IBTOOLBAR.DLL
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
                  O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
                  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
                  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
                  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
                  O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
                  O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
                  O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
                  O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
                  O16 - DPF: ChatSpace Full Java Client 2.1.0.89 - http://213.133.40.8:8000/Java/cs4fs089.cab
                  O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} - http://www.ravantivirus.com/scan/ravonline.cab
                  O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
                  O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
                  O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
                  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                  O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp04.photoprintit.de/microsite/1287/defaults/activex/XUpload.ocx
                  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
                  O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
                  O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
                  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoftware.com/activescan/as5/asinst.cab
                  O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab
                  O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
                  O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
                  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
                    • Citaat

                    Comment

                    • #6
                      Hi martien54,

                      Hier is mijn nieuwe log
                      purityscan.w zou een trojaans paard moeten zijn want via een onlinescan(weet niet meer welke)kreeg ik de melding bde.exe besmet met trojan purityscan.w maar kon niets verwijderen ,verder gekeken op het net maar vond alleen maar engelse uitleg en begrijp dit niet goed genoeg
                      http://www.google.be/search?hl=nl&q=purityscan.w&meta=
                      Dan denk ik dat hij weg is. Ik denk dat je bdei.exe bedoelt die ik je weg liet halen in mijn vorige post.

                      Deze log is schoon!

                      Dit is de tijd om beveiliging op te zetten tegen toekomstige aanvallen. Lees het artikel achter deze link
                      "How did I get infected" (Engels). Als je ze niet al hebt, je hebt nodig een uptodate antivirus, een goede firewall, bijvoorbeeld Kerio Personal Firewall of ZoneLabs Zone Alarm, een spyware blocker als SpywareBlaster en ook IE-Spyads en spyware detectie (Ad-aware SE en SpyBot S+D). Deze hebben allemaal goede gratis versies beschikbaar... wees op je hoede voor beveiligingssoftware die adverteert in popups of andere opdringerige manieren. Deze zijn gewoonlijk niet alleen slecht, vaak hebben ze andere troep in zich...

                      In plaats van Internet Explorer, gebruik een andere browser zoals Opera, Mozilla of Firefox.

                      En laatst, maar zeker niet minst, hou Windows en Internet Explorer up-to-date met de laatste beveilgings patches die je computer kan beveiligen.

                      Dit kan je doen door naar http://windowsupdate.microsoft.com/ te gaan en de aanwijzingen op te volgen. Als je Windows XP draait, zorg dat je update naar SP-2!

                      Post maar terug als er nog steeds problemen zijn.
                        • Citaat

                        Comment

                        Vorige template Volgende
                        Sorry, you are not authorized to view this page
                        Working...
                        X
                        😀
                        🥰
                        🤢
                        😎
                        😡
                        👍
                        👎