Mededeling

Collapse
No announcement yet.

willen jullie eens naar mijn logfile kijken

Collapse
X
  •  
  • Tijd
  • Show
Clear All
new posts

  • willen jullie eens naar mijn logfile kijken

    Heb er niet veel verstand van maar zou erg graag van die 'nieuwe' startpagina afwillen.

    hoor graag van je

    grt
    MaLo


    Logfile of HijackThis v1.99.0
    Scan saved at 22:29:07, on 29-12-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\Program Files\PestPatrol\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\WINNT\System32\taskswitch.exe
    C:\WINNT\ewupdater.exe
    C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
    C:\WINNT\System32\ntcpl.exe
    C:\WINNT\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Navnt\navapw32.exe
    C:\WINNT\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Hijack This\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easywebsearch.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.easywebsearch.nl/ie.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easywebsearch.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.easywebsearch.nl/ie.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.easywebsearch.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.easywebsearch.nl/ie.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.easywebsearch.nl/ie.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/EnterOne/Portal/portal.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: OpinionBar IE monitor - {6607C683-AE7C-11D4-ACD7-0050DAC291A2} - (no file)
    O3 - Toolbar: (no name) - {4C8155BA-1458-411B-9B6A-E53FBC68C17F} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINNT\System32\taskswitch.exe
    O4 - HKLM\..\Run: [ewupdater] C:\WINNT\ewupdater.exe
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
    O4 - HKLM\..\Run: [NvCplD] C:\WINNT\System32\ntcpl.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
    O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
    O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6} (Easywebinstaller Control) - http://s7.blingblingcontent.com/toolbarcash/activex/easywebinstaller.ocx
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/sikes/nl/win/QuickTimeInstaller.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {AD0E37CE-0A0E-4183-83E9-902CC84A4185} (RootInstaller Class) - https://www.partners.extranet.microsoft.com/Content/launch/rootinst.dll
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ka.copaco.local
    O17 - HKLM\Software\..\Telephony: DomainName = ka.copaco.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ka.copaco.local
    O18 - Protocol: OWC11.mso-offdap - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe

  • #2
    Hoi,

    Ga via configuratiescherm naar software > programma's wijzigen/verwijderen en kijk of volgende programma's aanwezig zijn en de-installeer die:

    switch

    * Zorg ervoor dat je verborgen mappen en bestanden weergegeven zijn. Hoe deze weer te geven.
    * Start hijackthis en vink volgende items aan:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easywebsearch.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.easywebsearch.nl/ie.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easywebsearch.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.easywebsearch.nl/ie.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.easywebsearch.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.easywebsearch.nl/ie.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.easywebsearch.nl/ie.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/EnterOne/Portal/portal.html
    O2 - BHO: OpinionBar IE monitor - {6607C683-AE7C-11D4-ACD7-0050DAC291A2} - (no file)
    O3 - Toolbar: (no name) - {4C8155BA-1458-411B-9B6A-E53FBC68C17F} - (no file)
    O4 - HKLM\..\Run: [ewupdater] C:\WINNT\ewupdater.exe
    O4 - HKLM\..\Run: [NvCplD] C:\WINNT\System32\ntcpl.exe
    O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6} (Easywebinstaller Control) - http://s7.blingblingcontent.com/too...ebinstaller.ocx


    * Sluit alle open vensters behalve hijackthis en klik: Fix Checked.

    * Start nu je pc op in VEILIGE MODE. Hoe start ik in veilige mode op.

    * Zoek daarna via verkenner volgende items en verwijder deze manueel indien nog aanwezig:

    C:\WINNT\ewupdater.exe
    C:\WINNT\System32\ntcpl.exe
    C:/Program Files/EnterOne <==deze map

    * Reboot je pc terug normaal en post een nieuw hijackthislogje.
    Last edited by miekiemoes; 29-12-04, 21:52. Reden: mapje vergeten
    Microsoft MVP - Consumer Security
    Director of Research @ Malwarebytes
    Mijn Blog

    Comment


    • #3
      switch

      dank voor je snelle reactie...


      als ik via config scherm, software verwijderen naar SWITCH ga dan krijg ik een explore scherm met daarin volgende link

      http://80.69.160.77/uninstall/?version=53&id=430A91DF8101F13C8BC7CFE9D040DE08&portalid=NL31432601&portal=0&id0=1&i en dan nog een aantal tekens.....

      met daaronder de knop
      To change this program or remove it from your computer, click Change/Remove


      wat nu?

      Comment


      • #4
        Gewoon de stappen opvolgen die gegeven worden. Dus, op change/remove klikken.
        Microsoft MVP - Consumer Security
        Director of Research @ Malwarebytes
        Mijn Blog

        Comment


        • #5
          done

          heb nu de volgende logfile:
          beter?




          Logfile of HijackThis v1.99.0
          Scan saved at 23:21:18, on 29-12-2004
          Platform: Windows XP SP1 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

          Running processes:
          C:\WINNT\System32\smss.exe
          C:\WINNT\system32\winlogon.exe
          C:\WINNT\system32\services.exe
          C:\WINNT\system32\lsass.exe
          C:\WINNT\system32\svchost.exe
          C:\WINNT\System32\svchost.exe
          C:\WINNT\system32\spoolsv.exe
          C:\WINNT\System32\Ati2evxx.exe
          C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
          C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
          C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
          C:\WINNT\System32\svchost.exe
          C:\WINNT\Explorer.EXE
          C:\Program Files\QuickTime\qttask.exe
          C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
          C:\Program Files\PestPatrol\PPControl.exe
          C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
          C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
          C:\WINNT\System32\taskswitch.exe
          C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
          C:\WINNT\ewupdater.exe
          C:\WINNT\System32\ctfmon.exe
          C:\Program Files\MSN Messenger\MsnMsgr.Exe
          C:\Program Files\Navnt\navapw32.exe
          C:\WINNT\System32\wuauclt.exe
          C:\WINNT\System32\wuauclt.exe
          C:\Hijack This\hijackthis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
          O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
          O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
          O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
          O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
          O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
          O4 - HKLM\..\Run: [CoolSwitch] C:\WINNT\System32\taskswitch.exe
          O4 - HKLM\..\Run: [ewupdater] C:\WINNT\ewupdater.exe
          O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
          O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
          O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
          O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
          O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
          O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/sikes/nl/win/QuickTimeInstaller.exe
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
          O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
          O16 - DPF: {AD0E37CE-0A0E-4183-83E9-902CC84A4185} (RootInstaller Class) - https://www.partners.extranet.microsoft.com/Content/launch/rootinst.dll
          O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
          O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
          O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ka.copaco.local
          O17 - HKLM\Software\..\Telephony: DomainName = ka.copaco.local
          O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ka.copaco.local
          O18 - Protocol: OWC11.mso-offdap - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
          O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\System32\Ati2evxx.exe
          O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
          O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
          O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
          O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe

          Comment


          • #6
            Al wat beter maar nog niet helemaal. Je hebt C:\WINNT\ewupdater.exe niet manueel verwijdert.

            * Open taakbeheer met behulp van de CTRL-ALT-DEL toetsen tegelijkertijd in te drukken, kies tab processen en beeïndig volgende:

            ewupdater

            * Start hijackthis en vink volgende items aan:

            O4 - HKLM\..\Run: [ewupdater] C:\WINNT\ewupdater.exe

            * Sluit alle open vensters behalve hijackthis en klik: Fix Checked.

            * Zoek daarna via verkenner volgende items en verwijder deze manueel indien nog aanwezig:

            C:\WINNT\ewupdater.exe

            * Reboot je pc en post een nieuw hijackthislogje.

            Btw: ken je deze?: ka.copaco.local
            Microsoft MVP - Consumer Security
            Director of Research @ Malwarebytes
            Mijn Blog

            Comment


            • #7
              nu dan?

              cpaco is bekend!

              hieronder mijn logfile nogmaals...

              Logfile of HijackThis v1.99.0
              Scan saved at 23:42:52, on 29-12-2004
              Platform: Windows XP SP1 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

              Running processes:
              C:\WINNT\System32\smss.exe
              C:\WINNT\system32\winlogon.exe
              C:\WINNT\system32\services.exe
              C:\WINNT\system32\lsass.exe
              C:\WINNT\system32\svchost.exe
              C:\WINNT\System32\svchost.exe
              C:\WINNT\system32\spoolsv.exe
              C:\WINNT\System32\Ati2evxx.exe
              C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
              C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
              C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
              C:\WINNT\System32\svchost.exe
              C:\WINNT\Explorer.EXE
              C:\Program Files\QuickTime\qttask.exe
              C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
              C:\Program Files\PestPatrol\PPControl.exe
              C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
              C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
              C:\WINNT\System32\taskswitch.exe
              C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
              C:\WINNT\System32\ctfmon.exe
              C:\Program Files\MSN Messenger\MsnMsgr.Exe
              C:\WINNT\system32\userinit.exe
              C:\Program Files\Navnt\navapw32.exe
              C:\WINNT\System32\wuauclt.exe
              C:\Hijack This\hijackthis.exe
              C:\WINNT\System32\wuauclt.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
              O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
              O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
              O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
              O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
              O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
              O4 - HKLM\..\Run: [CoolSwitch] C:\WINNT\System32\taskswitch.exe
              O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
              O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
              O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
              O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
              O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
              O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
              O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/sikes/nl/win/QuickTimeInstaller.exe
              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
              O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
              O16 - DPF: {AD0E37CE-0A0E-4183-83E9-902CC84A4185} (RootInstaller Class) - https://www.partners.extranet.microsoft.com/Content/launch/rootinst.dll
              O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
              O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
              O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ka.copaco.local
              O17 - HKLM\Software\..\Telephony: DomainName = ka.copaco.local
              O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ka.copaco.local
              O18 - Protocol: OWC11.mso-offdap - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
              O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\System32\Ati2evxx.exe
              O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
              O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
              O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
              O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe

              Comment


              • #8
                Ziet er terug keurig uit!! Well done.

                Hoe zo'n toestanden voorkomen:

                Download en installeer alvast Hitman Pro
                Kijk op de site hoe je het programma juist moet instellen (screenshot aanwezig)
                Dit is een automatische tool die een volledige systeemscan doet met verschillende antispywarescanners zoals spybot s&d, adaware se, spysweeper.. Ook installeert het spywareblaster en configureert die automatisch voor je. Je hoeft gewoon niks te doen, Hitman Pro doet dit allemaal automatisch voor je, alsook het updaten van je antispywarescanners. Laat Hitman Pro regelmatig runnen.

                En kies eventueel een alternatieve browser zoals Opera of Firefox.

                En ik raad je ook aan om af en toe een online virusscan uit te voeren. housecall en/of Bitdefender. Want, wat de ene scanner niet kan vinden, kan een andere misschien wel.
                Zorg er ook voor dat je virusscanner die op je systeem geïnstalleerd is altijd up to date is!!

                En... geregeld eens een bezoekje brengen aan: http://windowsupdate.microsoft.com/

                Bekijk ook eens deze 2 filmpjes.. Heel interessant:



                Happy surfing again!
                Microsoft MVP - Consumer Security
                Director of Research @ Malwarebytes
                Mijn Blog

                Comment


                • #9
                  thnx

                  vooral voor je snelle reactie!

                  Comment


                  • #10
                    Graag gedaan hoor. Fijn dat het opgelost is.
                    Verder nog een malwarevrij 2005 gewenst.
                    Microsoft MVP - Consumer Security
                    Director of Research @ Malwarebytes
                    Mijn Blog

                    Comment

                    Sorry, you are not authorized to view this page
                    Working...
                    X
                    😀
                    🥰
                    🤢
                    😎
                    😡
                    👍
                    👎