Mededeling

Collapse
No announcement yet.

Spywareguard hyperactief, help!!!!!

Collapse
X
Collapse
  •  
  • Page of 1
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    Spywareguard hyperactief, help!!!!!

    Na het installeren van msnplus is spywareguard doorgedraaid: om de paar seconden een melding dat er een of andere ''debiel'' mijn internetinstellingen wil wijzigen of heeft gewijzigd....

    Hier een Hijackthis logfile:

    Logfile of HijackThis v1.99.0
    Scan saved at 15:47:48, on 23-12-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\System32\sistray.EXE
    C:\WINDOWS\System32\khooker.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Apoint2K\HidFind.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\Documents and Settings\Ozzie\Mijn documenten\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.lnzqeizdyhyildqsf.com/dUsIW0X/DLyfjosRSxN1SqFP3MzD9/93fy36qROHjJIXc2Dcgwsf/v9VTDiCeXfZ.htm
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Gramthislicenseobj] C:\Documents and Settings\All Users\Application Data\less stupid gram this\Bits bore.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [Antepeak] C:\DOCUME~1\Ozzie\APPLIC~1\ACTIVE~1\way loud.exe
    O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
    O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.nl/download/msnmessengersetupdownloader.cab
    O23 - Service: AVSync Manager - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: NICSer_WPC54G - Unknown - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    HELP!!Q
    Labels: Geen
      • Citaat
    • #2
      Oorspronkelijk geplaatst door gigabit
      * Start hijackthis en vink volgende items aan:

      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

      * Sluit alle open vensters behalve hijackthis en klik: Fix Checked.

      Reboot!! Post daarna een nieuw hijackthislogje
      Nog steeds geen verandering....die meldingen van spywareguard blijven komen, kheb een nieuwe log gemaakt:

      Logfile of HijackThis v1.99.0
      Scan saved at 16:57:56, on 23-12-2004
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
      C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
      C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
      C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
      C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
      C:\Program Files\Apoint2K\Apoint.exe
      C:\WINDOWS\System32\sistray.EXE
      C:\WINDOWS\System32\khooker.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\Program Files\Apoint2K\HidFind.exe
      C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      c:\progra~1\intern~1\iexplore.exe
      C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
      C:\Program Files\MRU-Blaster\scheduler.exe
      C:\Program Files\SpywareGuard\sgmain.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\SpywareGuard\sgbhp.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Ozzie\Mijn documenten\hijackthis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pivuthnuzzhcaikaslrjjcij.com/dUsIW0X/DLyfjosRSxN1SqFP3MzD9/93fy36qROHjJLE4/0L/oflRf9VTDiCeXfZ.html
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
      O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
      O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
      O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
      O4 - HKLM\..\Run: [Gramthislicenseobj] C:\Documents and Settings\All Users\Application Data\less stupid gram this\Bits bore.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
      O4 - HKCU\..\Run: [Antepeak] C:\DOCUME~1\Ozzie\APPLIC~1\ACTIVE~1\way loud.exe
      O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
      O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
      O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
      O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
      O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.nl/download/msnmessengersetupdownloader.cab
      O23 - Service: AVSync Manager - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
      O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
      O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
      O23 - Service: NICSer_WPC54G - Unknown - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
      O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

      Zou je alsjeblieft nog even willen kijken waar het anders aan kan liggen
        • Citaat

        Comment

        • #3
          ik heb die dingen aangevinkt en gewist, maar probleem is niet opgelost.Spywareguard blijft meldingen geven:
          _______________________________________________________________
          ''(!)An attempt to change Internet Explorer settings has been detected''
          WARNING! Your IE search bar has been changed!

          Your Internet Explorer current user search bar has been changed from
          <none>
          to
          http:www.tpsccsuvnmrwx.uk/..........................................

          What would you like to do?

          restore old value keep new value
          _______________________________________________________________
          (bij de puntjes een hele vage letter/cijfercombinatie, heel lang)

          Deze melding krijg ik dus steeds. Als ik op ''restore old value'' druk, krijg ik melding ''old IE search bar restored''-->druk op Ok en:

          Een seconde later krijg ik weer een dezelfde melding, maar dit keer een ander internetadres.

          Het blijft zo doorgaan


          Wat is er aan de hand?
          weer een hijacthislog dan maar:

          Logfile of HijackThis v1.99.0
          Scan saved at 18:10:30, on 23-12-2004
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
          C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
          C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
          C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
          C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
          C:\Program Files\Apoint2K\Apoint.exe
          C:\WINDOWS\System32\sistray.EXE
          C:\WINDOWS\System32\khooker.exe
          C:\WINDOWS\AGRSMMSG.exe
          C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\Program Files\Apoint2K\Apntex.exe
          C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
          C:\Program Files\Apoint2K\HidFind.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          c:\progra~1\intern~1\iexplore.exe
          C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
          C:\Program Files\MRU-Blaster\scheduler.exe
          C:\Program Files\SpywareGuard\sgmain.exe
          C:\Program Files\SpywareGuard\sgbhp.exe
          C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
          C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
          C:\WINDOWS\system32\NOTEPAD.EXE
          C:\Documents and Settings\Ozzie\Mijn documenten\hijackthis.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vhdktyykwfbt.net/dUsIW0X/DLyfjosRSxN1SqFP3MzD9/93fy36qROHjJLmVEd4ybt2kP9VTDiCeXfZ.htm
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
          O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
          O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
          O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
          O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
          O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
          O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
          O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
          O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
          O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
          O4 - HKLM\..\Run: [Gramthislicenseobj] C:\Documents and Settings\All Users\Application Data\less stupid gram this\Bits bore.exe
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
          O4 - HKCU\..\Run: [Antepeak] C:\DOCUME~1\Ozzie\APPLIC~1\ACTIVE~1\way loud.exe
          O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
          O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
          O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
          O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
          O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.nl/download/msnmessengersetupdownloader.cab
          O23 - Service: AVSync Manager - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
          O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
          O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
          O23 - Service: NICSer_WPC54G - Unknown - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
          O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


            • Citaat

            Comment

            • #4
              Gigabit hou AUB op met antwoorden op Hijackthis log's

              Zie:
              Nucia Security Forums
              http://www.nucia.eu/forum/showthread.php?t=560


              Meld je anders aan bij "Helper in opleiding":
              Nucia Security Forums
              http://www.nucia.eu/forum/forumdisplay.php?f=19
              Grtz Lex.

              Kijk ook even naar ==> de huisregels <==, dit kan zeer verhelderend werken.
              Moederbord / Processor; Gigabyte GA-X58 Extreme / Core i7 920 2,66GHz @3,67GHz.
              Koeler; Thermal right 120 Ultra Extreme met Sharkoon 120x120x25mm fan.
              Geheugen / Harddisks; Dominator GT 6GB 1600MHz in Triple-channel / OCZ Agility 2 60GB (SSD), OCZ Agility 2 120GB (SSD).
              Videokaarten / Monitoren; 2x Club3d GTX460 Overclocked Edition in SLI / 2x Samsung 2253BW (22 inch).
              Branders; Plextor 820SA.
              Speakers; Logitech z5500.
              Toetsenbord / Muis; Logitech G15 / G5.
                • Citaat

                Comment

                • #5
                  Hoi AntiSpaaiwehr,

                  Gigabit is niet bevoegd om hier te helpen, dus ik neem het even over.


                  1. Scan met HijackThis en vink de volgende items aan:
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vhdktyykwfbt.net/dUsIW0X/...9VTDiCeXfZ.htm

                  O4 - HKLM\..\Run: [Gramthislicenseobj] C:\Documents and Settings\All Users\Application Data\less stupid gram this\Bits bore.exe
                  O4 - HKCU\..\Run: [Antepeak] C:\DOCUME~1\Ozzie\APPLIC~1\ACTIVE~1\way loud.exe
                  Sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

                  2. Herstart de pc in veilige modus.
                  Mocht je niet weten hoe dat moet, kijk dan hier even: http://www.virushelp.nl/veilige_modus.htm

                  Zorg ervoor dat verborgen bestanden en mappen worden weergegeven.
                  Hier kun je lezen hoe dat moet: http://users.telenet.be/marcvn/spyware/1117602.htm

                  Verwijder nu, in veilige modus dus, de volgende mappen:

                  C:\Documents and Settings\All Users\Application Data\less stupid gram this <- die map
                  C:\Documents and Settings\Ozzie\Application Data\ACTIVE~1 <- dat is die map waar "way loud.exe" in zit

                  3. Herstart de pc in 'normale modus'.

                  4. Maak een nieuw log en plaats dat hier.
                    • Citaat

                    Comment

                    • #6
                      lekker is dat!!

                      Wil er iemand checken of ik door hem verkeerde dingen heb verwijderd??

                      en mijn probleem oplossen...aub
                        • Citaat

                        Comment

                        • #7
                          wooowww, ik ga t proberen, be right back....
                            • Citaat

                            Comment

                            • #8
                              RESPECT!!! probleem opgelost

                              Log :

                              Logfile of HijackThis v1.99.0
                              Scan saved at 19:04:01, on 23-12-2004
                              Platform: Windows XP SP2 (WinNT 5.01.2600)
                              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                              Running processes:
                              C:\WINDOWS\System32\smss.exe
                              C:\WINDOWS\system32\winlogon.exe
                              C:\WINDOWS\system32\services.exe
                              C:\WINDOWS\system32\lsass.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\WINDOWS\system32\spoolsv.exe
                              C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
                              C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                              C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
                              C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
                              C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
                              C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
                              C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
                              C:\WINDOWS\Explorer.EXE
                              C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
                              C:\Program Files\Apoint2K\Apoint.exe
                              C:\WINDOWS\System32\sistray.EXE
                              C:\WINDOWS\System32\khooker.exe
                              C:\WINDOWS\AGRSMMSG.exe
                              C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
                              C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
                              C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                              C:\Program Files\Apoint2K\HidFind.exe
                              C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
                              C:\Program Files\Apoint2K\Apntex.exe
                              C:\WINDOWS\system32\ctfmon.exe
                              C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
                              C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
                              C:\Program Files\MRU-Blaster\scheduler.exe
                              C:\Program Files\SpywareGuard\sgmain.exe
                              C:\WINDOWS\system32\wuauclt.exe
                              C:\Program Files\SpywareGuard\sgbhp.exe
                              C:\Documents and Settings\Ozzie\Mijn documenten\hijackthis.exe

                              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                              O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
                              O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
                              O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
                              O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
                              O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
                              O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
                              O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
                              O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
                              O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
                              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                              O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
                              O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
                              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                              O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
                              O4 - HKCU\..\Run: [Antepeak] C:\DOCUME~1\Ozzie\APPLIC~1\ACTIVE~1\way loud.exe
                              O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
                              O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
                              O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
                              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
                              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
                              O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
                              O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.nl/download/msnmessengersetupdownloader.cab
                              O23 - Service: AVSync Manager - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
                              O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
                              O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
                              O23 - Service: NICSer_WPC54G - Unknown - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
                              O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

                              Thnx...
                                • Citaat

                                Comment

                                • #9
                                  Niet te vroeg juichen, we zijn er nog niet helemaal.


                                  1. Scan met HijackThis en vink het volgende item aan:

                                  O4 - HKCU\..\Run: [Antepeak] C:\DOCUME~1\Ozzie\APPLIC~1\ACTIVE~1\way loud.exe

                                  Sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

                                  2. Herstart de pc in veilige modus en verwijder de volgende map (indien nog aanwezig):

                                  C:\Documents and Settings\Ozzie\Application Data\ACTIVE~1 <- die map (de naam van de map begint dus met "Active...", het bestand "way loud.exe" zit erin)

                                  3. Herstart de pc in 'normale modus'.

                                  4. Maak een nieuw log en plaats dat hier.
                                    • Citaat

                                    Comment

                                    • #10
                                      Oorspronkelijk geplaatst door Buffy
                                      Niet te vroeg juichen, we zijn er nog niet helemaal.


                                      1. Scan met HijackThis en vink het volgende item aan:

                                      O4 - HKCU\..\Run: [Antepeak] C:\DOCUME~1\Ozzie\APPLIC~1\ACTIVE~1\way loud.exe

                                      Sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

                                      2. Herstart de pc in veilige modus en verwijder de volgende map (indien nog aanwezig):

                                      C:\Documents and Settings\Ozzie\Application Data\ACTIVE~1 <- die map (de naam van de map begint dus met "Active...", het bestand "way loud.exe" zit erin)

                                      3. Herstart de pc in 'normale modus'.

                                      4. Maak een nieuw log en plaats dat hier.
                                      Ik heb gedaan wat je hebt beschreven, map was alleen niet te vinden. Ik neem aan dat ie weg is

                                      Nogmaals een log:

                                      Logfile of HijackThis v1.99.0
                                      Scan saved at 19:39:00, on 23-12-2004
                                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                                      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                                      Running processes:
                                      C:\WINDOWS\System32\smss.exe
                                      C:\WINDOWS\system32\winlogon.exe
                                      C:\WINDOWS\system32\services.exe
                                      C:\WINDOWS\system32\lsass.exe
                                      C:\WINDOWS\system32\svchost.exe
                                      C:\WINDOWS\System32\svchost.exe
                                      C:\WINDOWS\system32\spoolsv.exe
                                      C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
                                      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                                      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                                      C:\WINDOWS\System32\svchost.exe
                                      C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
                                      C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
                                      C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
                                      C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
                                      C:\WINDOWS\Explorer.EXE
                                      C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
                                      C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
                                      C:\Program Files\Apoint2K\Apoint.exe
                                      C:\WINDOWS\System32\sistray.EXE
                                      C:\WINDOWS\System32\khooker.exe
                                      C:\WINDOWS\AGRSMMSG.exe
                                      C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
                                      C:\Program Files\Apoint2K\HidFind.exe
                                      C:\Program Files\Apoint2K\Apntex.exe
                                      C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
                                      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                                      C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
                                      C:\WINDOWS\system32\ctfmon.exe
                                      C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
                                      C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
                                      C:\Program Files\MRU-Blaster\scheduler.exe
                                      C:\Program Files\SpywareGuard\sgmain.exe
                                      C:\WINDOWS\system32\wuauclt.exe
                                      C:\Program Files\SpywareGuard\sgbhp.exe
                                      C:\Documents and Settings\Ozzie\Mijn documenten\hijackthis.exe

                                      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                                      O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
                                      O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
                                      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
                                      O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
                                      O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
                                      O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
                                      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
                                      O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
                                      O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
                                      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                                      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
                                      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
                                      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                                      O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
                                      O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
                                      O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
                                      O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
                                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
                                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
                                      O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
                                      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.nl/download/msnmessengersetupdownloader.cab
                                      O23 - Service: AVSync Manager - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
                                      O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
                                      O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
                                      O23 - Service: NICSer_WPC54G - Unknown - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
                                      O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

                                      Kan ik nu wel juichen?

                                        • Citaat

                                        Comment

                                        • #11
                                          Je mag nu juichen.
                                            • Citaat

                                            Comment

                                            • #12
                                              Oorspronkelijk geplaatst door Buffy
                                              Je mag nu juichen.
                                              En van je heeeeeelaaa helaaaaaaa helaaaaaaaaa hoooooooooooooohooolaaaaaaaaaaaaaaaaaaa HE!!
                                                • Citaat

                                                Comment

                                                Vorige template Volgende
                                                Sorry, you are not authorized to view this page
                                                Working...
                                                X
                                                😀
                                                🥰
                                                🤢
                                                😎
                                                😡
                                                👍
                                                👎