Mededeling

Collapse
No announcement yet.

pc besmet

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • pc besmet

    Hallo,

    Ik weet dat mijn pc besmet is met PurityScan.W en heb al van alles geprobeerd (ad-aware spybot search & destroy trendmicro-online )maar veelal loopt de pc vast in deze programmas en moet ik heropstarten,misschien kan er via hijack iets gefixt worden.

    Alvast bedankt ,groetjes

    Martien

  • #2
    Ga naar http://www.nucia.eu

    Klik op HijackThis en maak, en post een logje zoals daar beschreven is.

    als je er niet uitkomt moet je het maar even laten weten

    Probeer ook deze online virusscan eens: http://www.pandasoftware.com/actives...f=EN-PR-AS-107


    Het rapaille dat per Przewalskipaard arriveerde bij het feeëriek gesitueerde etablissement - komma -

    "Verwar de waarheid niet met de mening van de meerderheid"

    Comment


    • #3
      hallo,

      hier is de log panda scan wil ook niet lukken.

      Logfile of HijackThis v1.98.2
      Scan saved at 15:34:50, on 17/11/04
      Platform: Windows 98 SE (Win9x 4.10.2222A)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\SYSTEM\KERNEL32.DLL
      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
      C:\WINDOWS\SYSTEM\MPREXE.EXE
      C:\WINDOWS\SYSTEM\mmtask.tsk
      C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
      C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
      C:\PROGRAM FILES\ESET\NOD32KRN.EXE
      C:\WINDOWS\EXPLORER.EXE
      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
      C:\WINDOWS\SYSTEM\TRIDTRAY.EXE
      C:\WINDOWS\LOADQM.EXE
      C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE
      C:\WINDOWS\SYSTEM\STIMON.EXE
      D:\PROGRAM FILES\HP SHARE-TO-WEB\HPGS2WND.EXE
      C:\PROGRAM FILES\TELENET EASYCARE\SMARTBRIDGE\MOTIVESB.EXE
      C:\WINDOWS\SYSTEM\MSTASK.EXE
      C:\PROGRAM FILES\ESET\NOD32KUI.EXE
      C:\PROGRAM FILES\MEAYA\POPUP AD FILTER\POPFILTER.EXE
      C:\PROGRAM FILES\SIMPLE STAR\PHOTOSHOW DELUXE\DATA\XTRAS\MSSYSMGR.EXE
      C:\WINDOWS\APPLICATION DATA\BDEI.EXE
      C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
      D:\PROGRAM FILES\HP SHARE-TO-WEB\HPGS2WNF.EXE
      C:\WINDOWS\SYSTEM\WMIEXE.EXE
      C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
      C:\PROGRAM FILES\TELENET EASYCARE\BIN\MPBTN.EXE
      C:\WINDOWS\SYSTEM\DDHELP.EXE
      C:\WINDOWS\SYSTEM\TAPISRV.EXE
      C:\PROGRAM FILES\INCREDIMAIL\BIN\IMNOTFY.EXE
      C:\PROGRAM FILES\INCREDIBAR\BIN\IBMAIN.EXE
      C:\WINDOWS\DESKTOP\ONDERHOUD\HIJACK THIS\NEW\HIJACKTHIS.EXE
      C:\PROGRAM FILES\INCREDIMAIL\BIN\IMNOTFY.EXE

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_19_0.DLL
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
      O2 - BHO: IBBHO Class - {12BA043E-293E-4CE4-A8C7-8460934FE801} - C:\PROGRAM FILES\INCREDIBAR\BIN\IBBHO.DLL
      O3 - Toolbar: IncrediBar - {D8073790-84C7-4602-BF77-C6ACBF1612E4} - C:\PROGRAM FILES\INCREDIBAR\BIN\IBTOOLBAR.DLL
      O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
      O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_19_0.DLL
      O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
      O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\Run: [TridTray] C:\WINDOWS\SYSTEM\tridtray.exe
      O4 - HKLM\..\Run: [LoadQM] loadqm.exe
      O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
      O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
      O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
      O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
      O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
      O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Eset\nod32krn.exe"
      O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
      O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\DATA\XTRAS\MSSYSMGR.EXE
      O4 - HKCU\..\Run: [Asat] C:\WINDOWS\Application Data\bdei.exe
      O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
      O4 - Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
      O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
      O9 - Extra button: (no name) - {F756A28D-DCD5-46be-BCAB-17C088D07227} - (no file)
      O9 - Extra button: IncrediBar - {023FA804-DCE1-4817-94ED-6BA4200F9AF2} - C:\PROGRAM FILES\INCREDIBAR\BIN\IBTOOLBAR.DLL
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
      O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
      O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
      O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
      O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
      O16 - DPF: ChatSpace Full Java Client 2.1.0.89 - http://213.133.40.8:8000/Java/cs4fs089.cab
      O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} - http://www.ravantivirus.com/scan/ravonline.cab
      O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
      O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
      O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp04.photoprintit.de/microsite/1287/defaults/activex/XUpload.ocx
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoftware.com/activescan/as5/asinst.cab
      O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab
      O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
      O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

      Comment


      • #4
        Hi martien54,

        Start HijackThis, klik op "Scan" and kruis de volgende onderdelen aan.

        O4 - HKCU\..\Run: [Asat] C:\WINDOWS\Application Data\bdei.exe

        Sluit alle programma's, inclusief browsers, behalve HijackThis. Klik op "Fix checked".

        Start je computer in beveiligde modus. Hoe start ik mijn computer in veilige modus?

        Zorg dat je verborgen bestanden kan zien. Hoe toon ik verborgen bestanden?

        Verwijder de volgende bestanden in rood (het kan zijn dat ze al verwijderd zijn):

        C:\WINDOWS\Application Data\bdei.exe

        Herstart de computer en post een nieuwe log in deze thread.

        Waar zou PurityScan moeten zijn?

        Comment


        • #5
          hallo,

          Hier is mijn nieuwe log
          purityscan.w zou een trojaans paard moeten zijn want via een onlinescan(weet niet meer welke)kreeg ik de melding bde.exe besmet met trojan purityscan.w maar kon niets verwijderen ,verder gekeken op het net maar vond alleen maar engelse uitleg en begrijp dit niet goed genoeg
          http://www.google.be/search?hl=nl&q=purityscan.w&meta=

          bedankt en groetjes
          Martien

          Logfile of HijackThis v1.98.2
          Scan saved at 13:14:38, on 18/11/04
          Platform: Windows 98 SE (Win9x 4.10.2222A)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

          Running processes:
          C:\WINDOWS\SYSTEM\KERNEL32.DLL
          C:\WINDOWS\SYSTEM\MSGSRV32.EXE
          C:\WINDOWS\SYSTEM\MPREXE.EXE
          C:\WINDOWS\SYSTEM\mmtask.tsk
          C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
          C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
          C:\PROGRAM FILES\ESET\NOD32KRN.EXE
          C:\WINDOWS\EXPLORER.EXE
          C:\WINDOWS\SYSTEM\SYSTRAY.EXE
          C:\WINDOWS\SYSTEM\TRIDTRAY.EXE
          C:\WINDOWS\LOADQM.EXE
          C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE
          C:\WINDOWS\SYSTEM\STIMON.EXE
          D:\PROGRAM FILES\HP SHARE-TO-WEB\HPGS2WND.EXE
          C:\PROGRAM FILES\ESET\NOD32KUI.EXE
          C:\WINDOWS\SYSTEM\QTTASK.EXE
          C:\PROGRAM FILES\MEAYA\POPUP AD FILTER\POPFILTER.EXE
          C:\WINDOWS\SYSTEM\MSTASK.EXE
          C:\PROGRAM FILES\SIMPLE STAR\PHOTOSHOW DELUXE\DATA\XTRAS\MSSYSMGR.EXE
          C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
          D:\PROGRAM FILES\HP SHARE-TO-WEB\HPGS2WNF.EXE
          C:\WINDOWS\SYSTEM\WMIEXE.EXE
          C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
          C:\PROGRAM FILES\TELENET EASYCARE\BIN\MPBTN.EXE
          C:\PROGRAM FILES\TELENET EASYCARE\SMARTBRIDGE\MOTIVESB.EXE
          C:\PROGRAM FILES\INCREDIBAR\BIN\IBMAIN.EXE
          C:\WINDOWS\SYSTEM\RNAAPP.EXE
          C:\WINDOWS\SYSTEM\TAPISRV.EXE
          C:\WINDOWS\DESKTOP\ONDERHOUD\HIJACK THIS\NEW\HIJACKTHIS.EXE

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be/
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_19_0.DLL
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
          O2 - BHO: IBBHO Class - {12BA043E-293E-4CE4-A8C7-8460934FE801} - C:\PROGRAM FILES\INCREDIBAR\BIN\IBBHO.DLL
          O3 - Toolbar: IncrediBar - {D8073790-84C7-4602-BF77-C6ACBF1612E4} - C:\PROGRAM FILES\INCREDIBAR\BIN\IBTOOLBAR.DLL
          O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
          O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_19_0.DLL
          O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
          O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
          O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
          O4 - HKLM\..\Run: [TridTray] C:\WINDOWS\SYSTEM\tridtray.exe
          O4 - HKLM\..\Run: [LoadQM] loadqm.exe
          O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
          O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
          O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
          O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
          O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\HP Share-to-Web\hpgs2wnd.exe
          O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
          O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
          O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
          O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
          O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
          O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
          O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Eset\nod32krn.exe"
          O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
          O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
          O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\DATA\XTRAS\MSSYSMGR.EXE
          O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
          O4 - Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
          O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
          O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
          O9 - Extra button: (no name) - {F756A28D-DCD5-46be-BCAB-17C088D07227} - (no file)
          O9 - Extra button: IncrediBar - {023FA804-DCE1-4817-94ED-6BA4200F9AF2} - C:\PROGRAM FILES\INCREDIBAR\BIN\IBTOOLBAR.DLL
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
          O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
          O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
          O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
          O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
          O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
          O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
          O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
          O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
          O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
          O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
          O16 - DPF: ChatSpace Full Java Client 2.1.0.89 - http://213.133.40.8:8000/Java/cs4fs089.cab
          O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} - http://www.ravantivirus.com/scan/ravonline.cab
          O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
          O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
          O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
          O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
          O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp04.photoprintit.de/microsite/1287/defaults/activex/XUpload.ocx
          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
          O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
          O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
          O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoftware.com/activescan/as5/asinst.cab
          O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab
          O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
          O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
          O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

          Comment


          • #6
            Hi martien54,

            Hier is mijn nieuwe log
            purityscan.w zou een trojaans paard moeten zijn want via een onlinescan(weet niet meer welke)kreeg ik de melding bde.exe besmet met trojan purityscan.w maar kon niets verwijderen ,verder gekeken op het net maar vond alleen maar engelse uitleg en begrijp dit niet goed genoeg
            http://www.google.be/search?hl=nl&q=purityscan.w&meta=
            Dan denk ik dat hij weg is. Ik denk dat je bdei.exe bedoelt die ik je weg liet halen in mijn vorige post.

            Deze log is schoon!

            Dit is de tijd om beveiliging op te zetten tegen toekomstige aanvallen. Lees het artikel achter deze link
            "How did I get infected" (Engels). Als je ze niet al hebt, je hebt nodig een uptodate antivirus, een goede firewall, bijvoorbeeld Kerio Personal Firewall of ZoneLabs Zone Alarm, een spyware blocker als SpywareBlaster en ook IE-Spyads en spyware detectie (Ad-aware SE en SpyBot S+D). Deze hebben allemaal goede gratis versies beschikbaar... wees op je hoede voor beveiligingssoftware die adverteert in popups of andere opdringerige manieren. Deze zijn gewoonlijk niet alleen slecht, vaak hebben ze andere troep in zich...

            In plaats van Internet Explorer, gebruik een andere browser zoals Opera, Mozilla of Firefox.

            En laatst, maar zeker niet minst, hou Windows en Internet Explorer up-to-date met de laatste beveilgings patches die je computer kan beveiligen.

            Dit kan je doen door naar http://windowsupdate.microsoft.com/ te gaan en de aanwijzingen op te volgen. Als je Windows XP draait, zorg dat je update naar SP-2!

            Post maar terug als er nog steeds problemen zijn.

            Comment

            Sorry, you are not authorized to view this page
            Working...
            X