Mededeling

Collapse
No announcement yet.

Erg veel troep op m'n pc.

Collapse
X
Collapse
  •  
  • Page of 1
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    Erg veel troep op m'n pc.

    Wie kan me helpen, volgens mij zit er heel veel troep op m'n pc. Gescand met ad aware en spybot en daarmee al heel veel er van af gehaald.
    Ik heb nu een hijackthis log gemaakt:

    Logfile of HijackThis v1.99.0
    Scan saved at 13:46:03, on 28-12-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\MSRGSRV.exe
    C:\WINDOWS\yalmoap.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Arco\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [WINDOWSMSRGSRV] C:\WINDOWS\MSRGSRV.exe
    O4 - HKLM\..\Run: [6C5gFfh] C:\WINDOWS\yalmoap.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

    Alvast bedankt!!!
    Labels: Geen
      • Citaat
    • #2
      Hoi arcokolken,


      1. Scan met HijackThis en vink de volgende items aan:

      R3 - Default URLSearchHook is missing

      O4 - HKLM\..\Run: [WINDOWSMSRGSRV] C:\WINDOWS\MSRGSRV.exe
      O4 - HKLM\..\Run: [6C5gFfh] C:\WINDOWS\yalmoap.exe

      O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
      Sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

      2. Herstart de pc in veilige modus.
      Mocht je niet weten hoe dat moet, kijk dan hier even: http://www.virushelp.nl/veilige_modus.htm

      Zorg ervoor dat verborgen bestanden en mappen worden weergegeven.
      Hier kun je lezen hoe dat moet: http://users.telenet.be/marcvn/spyware/1117602.htm

      Verwijder nu, in veilige modus dus, de volgende bestanden:

      C:\WINDOWS\MSRGSRV.exe <- dat bestand
      C:\WINDOWS\yalmoap.exe <- dat bestand

      3. Herstart de pc in 'normale modus'.

      4. Maak een nieuw log en plaats dat hier.
        • Citaat

        Comment

        • #3
          daar is ie dan, in de veilige modus waren die 2 er niet meer die ik verwijderen moest:

          Logfile of HijackThis v1.99.0
          Scan saved at 14:06:15, on 28-12-2004
          Platform: Windows XP SP1 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\Program Files\Logitech\iTouch\iTouch.exe
          C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
          C:\Program Files\Winamp\winampa.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
          C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
          C:\Program Files\ISTsvc\istsvc.exe
          C:\WINDOWS\yalmoap.exe
          C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
          C:\Program Files\Norton AntiVirus\navapsvc.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\Program Files\Norton AntiVirus\SAVScan.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\WINDOWS\System32\wuauclt.exe
          C:\WINDOWS\System32\wuauclt.exe
          C:\Arco\hijackthis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
          O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
          O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
          O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
          O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
          O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
          O4 - HKLM\..\Run: [6C5gFfh] C:\WINDOWS\yalmoap.exe
          O4 - Global Startup: Image Transfer.lnk = ?
          O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
          O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
          O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
          O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
          O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
          O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
          O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
          O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
          O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
          O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
          O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
          O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
          O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
          O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
          O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
            • Citaat

            Comment

            • #4
              sorry, zie nu dat ik de Bestanden moest verwijderen.

              zo het nu doen
                • Citaat

                Comment

                • #5
                  zo dan:

                  Logfile of HijackThis v1.99.0
                  Scan saved at 14:16:57, on 28-12-2004
                  Platform: Windows XP SP1 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\Norton AntiVirus\navapsvc.exe
                  C:\WINDOWS\System32\nvsvc32.exe
                  C:\Program Files\Norton AntiVirus\SAVScan.exe
                  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                  C:\Program Files\Logitech\iTouch\iTouch.exe
                  C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
                  C:\Program Files\Winamp\winampa.exe
                  C:\Program Files\QuickTime\qttask.exe
                  C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
                  C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                  C:\Program Files\ISTsvc\istsvc.exe
                  C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
                  C:\Arco\hijackthis.exe
                  C:\WINDOWS\System32\wuauclt.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                  O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                  O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
                  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                  O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
                  O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                  O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
                  O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
                  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                  O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
                  O4 - HKLM\..\Run: [6C5gFfh] C:\WINDOWS\yalmoap.exe
                  O4 - Global Startup: Image Transfer.lnk = ?
                  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
                  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                  O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
                  O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
                  O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
                  O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                  O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
                  O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
                  O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
                  O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
                  O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                  O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                  O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                  O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
                  O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                  O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
                  O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
                  O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
                    • Citaat

                    Comment

                    • #6
                      1. Open Taakbeheer (door Ctrl+Alt+Del te toetsen), kies het tabblad processen, selecteer het proces istsvc.exe en beëindig dat proces.

                      2. Klik met de rechtermuisknop op de volgende link, kies "Doel opslaan als...", kies bij "Opslaan in" voor je bureaublad en klik op "Opslaan".

                      -> deze link: http://securityresponse.symantec.com...r/FxIstbar.exe

                      Dit tooltje komt nu op je bureaublad te staan. Draai het door erop te dubbelklikken.

                      3. Start de pc opnieuw op, maak een nieuw HijackThis-log en plaats dat hier.
                        • Citaat

                        Comment

                        • #7
                          gedaan...

                          Logfile of HijackThis v1.99.0
                          Scan saved at 14:37:23, on 28-12-2004
                          Platform: Windows XP SP1 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\Program Files\Norton AntiVirus\navapsvc.exe
                          C:\WINDOWS\System32\nvsvc32.exe
                          C:\Program Files\Norton AntiVirus\SAVScan.exe
                          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                          C:\Program Files\Logitech\iTouch\iTouch.exe
                          C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
                          C:\Program Files\Winamp\winampa.exe
                          C:\Program Files\QuickTime\qttask.exe
                          C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                          C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
                          C:\WINDOWS\System32\wuauclt.exe
                          C:\WINDOWS\explorer.exe
                          C:\Arco\hijackthis.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                          O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
                          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                          O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                          O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
                          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
                          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                          O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
                          O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
                          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                          O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                          O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
                          O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
                          O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                          O4 - HKLM\..\Run: [6C5gFfh] C:\WINDOWS\yalmoap.exe
                          O4 - Global Startup: Image Transfer.lnk = ?
                          O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
                          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                          O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
                          O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
                          O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
                          O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
                          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                          O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
                          O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
                          O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
                          O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
                          O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                          O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                          O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                          O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
                          O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                          O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
                          O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
                          O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
                            • Citaat

                            Comment

                            • #8
                              Bijna klaar.


                              1. Scan met HijackThis en vink het volgende item aan:

                              O4 - HKLM\..\Run: [6C5gFfh] C:\WINDOWS\yalmoap.exe

                              Sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

                              2. Download en installeer CCleaner: http://www.ccleaner.com/
                              Start dit programma. Kijk of het tabblad Windows geselecteerd is (als het goed is staat dit standaard zo) en klik op de knop "Run Cleaner" (rechtsonder). CCleaner ruimt nu tijdelijke en andere overbodige bestanden op. Selecteer daarna het tabblad "Applications" en klik weer op "Run Cleaner". Is hij klaar, kies dan "Exit".

                              3. Start de pc opnieuw op.

                              4. Maak een nieuw HijackThis-log en plaats dat hier.
                                • Citaat

                                Comment

                                • #9
                                  hier is ie weer en alvast bedankt tot zover!!

                                  Logfile of HijackThis v1.99.0
                                  Scan saved at 14:53:22, on 28-12-2004
                                  Platform: Windows XP SP1 (WinNT 5.01.2600)
                                  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                                  Running processes:
                                  C:\WINDOWS\System32\smss.exe
                                  C:\WINDOWS\system32\winlogon.exe
                                  C:\WINDOWS\system32\services.exe
                                  C:\WINDOWS\system32\lsass.exe
                                  C:\WINDOWS\system32\svchost.exe
                                  C:\WINDOWS\System32\svchost.exe
                                  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                                  C:\WINDOWS\Explorer.EXE
                                  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                                  C:\WINDOWS\system32\spoolsv.exe
                                  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                                  C:\Program Files\Logitech\iTouch\iTouch.exe
                                  C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
                                  C:\Program Files\Winamp\winampa.exe
                                  C:\Program Files\QuickTime\qttask.exe
                                  C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
                                  C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                                  C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
                                  C:\Program Files\Norton AntiVirus\navapsvc.exe
                                  C:\WINDOWS\System32\nvsvc32.exe
                                  C:\Program Files\Norton AntiVirus\SAVScan.exe
                                  C:\WINDOWS\System32\wuauclt.exe
                                  C:\WINDOWS\System32\wuauclt.exe
                                  C:\Arco\hijackthis.exe

                                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                                  O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
                                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                                  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                                  O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                                  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                                  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                                  O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
                                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                                  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
                                  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                                  O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
                                  O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
                                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                                  O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                                  O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
                                  O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
                                  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                                  O4 - Global Startup: Image Transfer.lnk = ?
                                  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
                                  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                                  O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
                                  O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
                                  O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
                                  O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
                                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                                  O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                                  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
                                  O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
                                  O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
                                  O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
                                  O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                                  O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                                  O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                                  O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
                                  O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                                  O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
                                  O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
                                  O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
                                    • Citaat

                                    Comment

                                    • #10
                                      Keurig.

                                      Mocht je de Yahoo Toolbar nog kwijt willen, lees dan hier hoe je die verwijdert: http://support.microsoft.com/default...;EN-US;Q303047

                                      Voorkomen is beter dan genezen, dus lees de volgende pagina's eens:
                                      Nucia Security Forums
                                      http://www.nucia.eu/forum/showthread.php?t=55

                                      Nucia Security Forums
                                      http://www.nucia.eu/main/spyware_hoevoorkom.html
                                        • Citaat

                                        Comment

                                        • #11
                                          Mooi, hartstikke bedankt!!!
                                            • Citaat

                                            Comment

                                            • #12
                                              Graag gedaan.
                                                • Citaat

                                                Comment

                                                Vorige template Volgende
                                                Sorry, you are not authorized to view this page
                                                Working...
                                                X
                                                😀
                                                🥰
                                                🤢
                                                😎
                                                😡
                                                👍
                                                👎