Thorough clean-up - what to remove?

  • Thorough clean-up - what to remove?

    Hi all,

    I already asked this question once on the helpmij site, but there I was referred to this forum.
    So, once again: on the advice of the Belgian computer magazine ClickxMagazine, I want to give my computer a thorough clean-up. They say there that you can remove certain programs from your 'startup' via MsConfig, but you get little info there. So I installed Scotty, the free watchdog (www.winpatrol.com), which gives somewhat more info.
    Now I have found the following files, and I don't know whether I should remove them or leave them alone.
    They are the following:
    Under "startup": SettingsProcMovePlus (LoadElse.exe)
    Under "startup": Lies Rule (Frag Amen.exe)
    Under "Ie-Helper": PopMix.exe

    In the meantime I have installed HiJackthis and copied the following log:
    Logfile of HijackThis v1.99.0
    Scan saved at 17:01:12, on 29/12/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\TV Dinges\TV Dinges.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Spamihilator\spamihilator.exe
    C:\Program Files\ISP Monitor\isp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Tanagra\Memeo\BMUService.exe
    C:\Program Files\Redei Enterprises\PopupKiller\PopupKiller.exe
    C:\Program Files\WallpaperToy\Wallpapertoy.Exe
    C:\Program Files\Tanagra\Memeo\backup.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
    C:\Documents and Settings\All Users\Application Data\wmacampsettingsproc\CASTREMOTE.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\PROGRA~1\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\U9N1DQ9C\hijackthis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.be/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.uhrcekvgobtkdesurrqzbxcg.com/xYJDuNPjo5bseyopSJv/MVlvm44JNGwBjKgLuDeErsCpgWYFQDp3AqhUJX3sBoPm.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.be/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.zbqgvjrvlm.com/xYJDuNPjo5bseyopSJv/MVlvm44JNGwBjKgLuDeErsBV4wUlg6KyRahUJX3sBoPm.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.pandora.be:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {2CBFDEA8-A0EA-6C4B-9E8E-D2BDC284EFDD} - (no file)
    O2 - BHO: (no name) - {777C2B0E-3D34-6813-C8B7-C95B06517711} - C:\DOCUME~1\Eigenaar\APPLIC~1\CITYBI~1\popmix.exe
    O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton CleanSweep\QDCSFS.exe /startup
    O4 - HKLM\..\Run: [SettingsProcMovePlus] C:\Documents and Settings\All Users\Application Data\wmacampsettingsproc\LoadElse.exe
    O4 - HKLM\..\Run: [TV Dinges] C:\Program Files\TV Dinges\TV Dinges.exe start
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [Lies Rule] C:\DOCUME~1\Eigenaar\APPLIC~1\SHIMAC~1\Frag Amen.exe
    O4 - Startup: Memeo Launcher.lnk = ?
    O4 - Startup: PopupKiller.lnk = ?
    O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG1
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {4C762EEE-6D90-4F9B-94F6-B6E99B008ABD} (SeeStorm AvatarPlayer) - http://www.facefactory.tv/cab/AvatarPlayer.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.00.0036/OCI/setup.exe
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
    O16 - DPF: {64D01C7F-810D-446E-A07E-365764235644} (AtlAtomadersCtlAttrib Class) - http://kraisoft.com/files/realone/atomaders.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.lycos.nl/activex/zylomgamesplayer.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom.lycos.nl/activex/zylomloader.cab
    O16 - DPF: {DE09F5CB-1758-488E-8346-BD35FB6C64EF} (SeeStorm AvatarRecorder) - http://www.facefactory.tv/cab/AvatarRecorder.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: Memeo - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\BMUService.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: Norton AntiVirus Auto-Protect-service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Who might be able to help me?

    Thanks in advance,

    Deejay59

  • #2
    Hi,

    I see that hijackthis.exe is still in your temp folder. This is not a good place, since HijackThis makes backups and those backups can be deleted as long as they stay in your temp folder.
    Create a permanent folder for it:
    Go to My Computer > C > Program Files. Click File > New > Folder. Name this folder HijackThis. Open Explorer and copy the following line into the address bar:
    C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\U9N1DQ9C\hijackthis[1].exe
    Now drag HijackThis.exe into the new folder you created.

    You have apparently installed Messenger Plus with sponsors. So I advise you to uninstall Messenger Plus first. You can reinstall it once your system is clean again, but this time without sponsors. (You can choose this option at the start of the installation.)

    During the uninstall you will get a sponsor window like the example you see here: http://www.msgplus.net/images/sponsor_uninstall.jpg
    If you don't see it, have a look in your taskbar. In that window, type in the code that is shown and click uninstall.
    Then just follow the further instructions that are given.

    Afterwards, reboot your PC and post a new HijackThis log so the leftovers can be cleaned up.
    Microsoft MVP - Consumer Security
    Director of Research @ Malwarebytes
    My Blog



    • #3
      Originally posted by miekiemoes
      Hi,

      I see that hijackthis.exe is still in your temp folder. This is not a good place, since HijackThis makes backups and those backups can be deleted as long as they stay in your temp folder.
      Create a permanent folder for it:
      Go to My Computer > C > Program Files. Click File > New > Folder. Name this folder HijackThis. Open Explorer and copy the following line into the address bar:
      C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\U9N1DQ9C\hijackthis[1].exe
      Now drag HijackThis.exe into the new folder you created.

      You have apparently installed Messenger Plus with sponsors. So I advise you to uninstall Messenger Plus first. You can reinstall it once your system is clean again, but this time without sponsors. (You can choose this option at the start of the installation.)

      During the uninstall you will get a sponsor window like the example you see here: http://www.msgplus.net/images/sponsor_uninstall.jpg
      If you don't see it, have a look in your taskbar. In that window, type in the code that is shown and click uninstall.
      Then just follow the further instructions that are given.

      Afterwards, reboot your PC and post a new HijackThis log so the leftovers can be cleaned up.

      Thanks, fellow West Fleming, I followed your golden advice.
      So I moved that hijackthis.exe and removed msgplus.
      Here is my new HijackThis log:

      Logfile of HijackThis v1.99.0
      Scan saved at 18:13:08, on 29/12/2004
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
      C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\TV Dinges\TV Dinges.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe
      C:\Program Files\Spamihilator\spamihilator.exe
      C:\Program Files\ISP Monitor\isp.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\PROGRA~1\INCRED~1\bin\IMApp.exe
      C:\Program Files\Tanagra\Memeo\BMUService.exe
      C:\Program Files\Redei Enterprises\PopupKiller\PopupKiller.exe
      C:\Program Files\WallpaperToy\Wallpapertoy.Exe
      C:\Program Files\Tanagra\Memeo\backup.exe
      C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\HijackThis\hijackthis[1].exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.be/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.unjjyxbffuuwhibqbozpl.com/xYJDuNPjo5bseyopSJv/MVlvm44JNGwBjKgLuDeErsCE0vrWlSW9T6hUJX3sBoPm.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.be/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.pandora.be:8080
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: (no name) - {2CBFDEA8-A0EA-6C4B-9E8E-D2BDC284EFDD} - (no file)
      O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton CleanSweep\QDCSFS.exe /startup
      O4 - HKLM\..\Run: [TV Dinges] C:\Program Files\TV Dinges\TV Dinges.exe start
      O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe
      O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
      O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
      O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - Startup: Memeo Launcher.lnk = ?
      O4 - Startup: PopupKiller.lnk = ?
      O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
      O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG1
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
      O16 - DPF: {4C762EEE-6D90-4F9B-94F6-B6E99B008ABD} (SeeStorm AvatarPlayer) - http://www.facefactory.tv/cab/AvatarPlayer.cab
      O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.00.0036/OCI/setup.exe
      O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
      O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
      O16 - DPF: {64D01C7F-810D-446E-A07E-365764235644} (AtlAtomadersCtlAttrib Class) - http://kraisoft.com/files/realone/atomaders.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
      O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.lycos.nl/activex/zylomgamesplayer.cab
      O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
      O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom.lycos.nl/activex/zylomloader.cab
      O16 - DPF: {DE09F5CB-1758-488E-8346-BD35FB6C64EF} (SeeStorm AvatarRecorder) - http://www.facefactory.tv/cab/AvatarRecorder.cab
      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v6.cab
      O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
      O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
      O23 - Service: Memeo - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\BMUService.exe
      O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
      O23 - Service: Norton AntiVirus Auto-Protect-service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
      O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

      May I reinstall Messenger Plus now (I hope so, otherwise I'll get a beating from my little daughter)?
      What should I best do now?

      Regards,

      Deejay59



      • #4
        Yes, you can reinstall Messenger Plus, but this time choose to install it WITHOUT sponsor. This is asked at the start of the installation.
        I also see that game sites are visited often. Try to be a bit careful with that too, because malware lurks everywhere.

        And now the leftovers:

        * Start HijackThis and tick the following items:

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.unjjyxbffuuwhibqbozpl.co...hUJX3sBoPm.html
        O2 - BHO: (no name) - {2CBFDEA8-A0EA-6C4B-9E8E-D2BDC284EFDD} - (no file)
        O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG1
        O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/C...6/OCI/setup.exe
        O16 - DPF: {64D01C7F-810D-446E-A07E-365764235644} (AtlAtomadersCtlAttrib Class) - http://kraisoft.com/files/realone/atomaders.cab


        * Close all open windows except HijackThis and click: Fix Checked.

        Download and install Hitman Pro in the meantime.
        Look on the site for how exactly to configure the program (screenshot available).
        This is an automatic tool that does a full system scan with several anti-spyware scanners such as Spybot S&D, Ad-Aware SE, Spy Sweeper... It also installs SpywareBlaster and configures it automatically for you. You simply don't have to do anything; Hitman Pro does all of this automatically for you, as well as updating your anti-spyware scanners. Run Hitman Pro regularly.

        Happy surfing again.
        Microsoft MVP - Consumer Security
        Director of Research @ Malwarebytes
        My Blog
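
The by-eye triage done in reply #4, and the before/after comparison of the two logs, sketched as an added example that is not part of the thread and not HijackThis's own logic. The heuristics, the `USER_WRITABLE` fragments, the `TRUSTED_HOSTS` set and the `search.example.invalid` URL are assumptions made for illustration; the other sample lines are copied from the logs above.

```python
import re
from urllib.parse import urlsplit

# Entry lines look like "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")

# Assumption of this example: path fragments of user-writable locations,
# in the long and 8.3 short forms that appear in the thread's logs.
USER_WRITABLE = ("\\application data\\", "\\applic~1\\",
                 "\\local settings\\temp", "\\temporary internet files\\")
# Assumption: the only host the owner intends IE to point at.
TRUSTED_HOSTS = {"www.google.be"}


def parse_log(text):
    """Return [(code, detail)]; header and running-process lines are skipped."""
    return [m.groups() for m in map(ENTRY_RE.match, text.splitlines()) if m]


def in_user_writable(command):
    path = command.strip('"').lower()
    return any(fragment in path for fragment in USER_WRITABLE)


def triage(entries, trusted_hosts):
    """Return [(code, reason, detail)] for entries worth a manual look."""
    findings = []
    for code, detail in entries:
        if code in ("R0", "R1"):
            value = detail.partition(" = ")[2]
            if value.lower().startswith(("http://", "https://")):
                host = urlsplit(value).hostname or ""
                if host not in trusted_hosts:
                    findings.append((code, "IE URL setting points at unlisted host", detail))
        elif code == "O2":
            m = BHO_RE.match(detail)
            if m and m.group(3) == "(no file)":
                findings.append((code, "BHO registered but file missing", detail))
            elif m and in_user_writable(m.group(3)):
                findings.append((code, "BHO loaded from user-writable path", detail))
        elif code == "O4":
            m = RUN_RE.match(detail)
            if m and in_user_writable(m.group(2)):
                findings.append((code, "autostart from user-writable path", detail))
    return findings


def removed_entries(before, after):
    """Entries present in the first log but gone from the second."""
    remaining = set(parse_log(after))
    return [entry for entry in parse_log(before) if entry not in remaining]


# Constructed sample: entry lines copied from the first log in this thread,
# except the Search Bar URL, which is a placeholder.
BEFORE = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\system32\winlogon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/bar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
O2 - BHO: (no name) - {2CBFDEA8-A0EA-6C4B-9E8E-D2BDC284EFDD} - (no file)
O2 - BHO: (no name) - {777C2B0E-3D34-6813-C8B7-C95B06517711} - C:\DOCUME~1\Eigenaar\APPLIC~1\CITYBI~1\popmix.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SettingsProcMovePlus] C:\Documents and Settings\All Users\Application Data\wmacampsettingsproc\LoadElse.exe
O4 - HKCU\..\Run: [Lies Rule] C:\DOCUME~1\Eigenaar\APPLIC~1\SHIMAC~1\Frag Amen.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""
# As in the thread's second log, these three entries are gone after the uninstall.
GONE = ("popmix.exe", "LoadElse.exe", "Frag Amen.exe")
AFTER = "\n".join(l for l in BEFORE.splitlines() if not any(n in l for n in GONE))

if __name__ == "__main__":
    for code, reason, detail in triage(parse_log(AFTER), TRUSTED_HOSTS):
        print(f"still present  {code}: {reason}\n    {detail}")
    for code, detail in removed_entries(BEFORE, AFTER):
        print(f"removed        {code}: {detail}")
```

The findings are leads for manual review only: a legitimate program can also start from a profile directory, so each flagged line still needs the kind of judgement applied in the replies above.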
