An awful lot of spyware

  • An awful lot of spyware

    I'm having a lot of trouble with spyware: my whole desktop is full of icons that I can't remove (casino, lotto, travel, webhosting, printer cartridges), and I also have those annoying homepages and search bars.
    I have already tried all sorts of things: Ad-Aware, Spybot S&D, Hitman Pro, all in safe mode, but they are still not gone.
    I hope you can help me.

    HijackThis log

    Logfile of HijackThis v1.99.0
    Scan saved at 13:27:34, on 30-12-2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\d3tp32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    E:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\WINDOWS\System32\ctfmon.exe
    E:\Program Files\Tweak-XP Pro 3\AdBlocker.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    E:\Program Files\WinZip\WZQKPICK.EXE
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWS\system32\apiar32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
    C:\Program Files\Softwin\BitDefender8\bdswitch.exe
    E:\Program Files\Mozilla\firefox.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender8\vsserv.exe
    c:\program files\softwin\bitdefender8\bdmcon.exe
    E:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Danny.THUIS\Local Settings\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jxwqcotwqixwrawyq.com/5dSp2quTpFZ6ZZ2uU73iIt0kEYBb6_dOGgN0FWfZ2XvoLAmXMCcO5aOA0a0KjywT.cgi
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fbikl.dll/sp.html#37680
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\fbikl.dll/sp.html#37680
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fbikl.dll/sp.html#37680
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fbikl.dll/sp.html#37680
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fbikl.dll/sp.html#37680
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fbikl.dll/sp.html#37680
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {949C22B6-F320-E403-AF31-7D507C16EE96} - C:\WINDOWS\crvb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [apiar32.exe] C:\WINDOWS\system32\apiar32.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ntao32.exe] C:\WINDOWS\system32\ntao32.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\downloads\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Burn Dart Knob Cool] C:\Documents and Settings\All Users\Application Data\Stopholeburndart\Trust base.exe
    O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
    O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender8\\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
    O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender8\\bdnagent.exe
    O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
    O4 - HKLM\..\RunOnce: [d3tp32.exe] C:\WINDOWS\system32\d3tp32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [coal body] C:\DOCUME~1\DANNY~1.THU\APPLIC~1\OBJINS~1\bias face.exe
    O4 - HKCU\..\Run: [Zfcpo] C:\WINDOWS\System32\??chost.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BlockAds] "E:\Program Files\Tweak-XP Pro 3\AdBlocker.exe"
    O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://ocx3.advnt01.com/dialer/olanda_ver3.CAB
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.*****harem.com/stream/mmp.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games4.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
    O16 - DPF: {FF521631-31DA-48AC-B4E9-390A7694C906} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1030_1_146_EN_XP.cab
    O18 - Protocol: bw+0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {C9AF9BA3-C7CD-4A13-9C4B-C56892591176} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: BitDefender Scan Server - Unknown - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: BitDefender Virus Shield - Unknown - C:\Program Files\Softwin\BitDefender8\vsserv.exe
    O23 - Service: BitDefender Communicator - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\ipiv.exe (file missing)

  • #2
    Hi,

    Nice collection... it indeed doesn't look very healthy.
    We will tackle this in several steps. First I want you to do a few other things for me.

    Go via Control Panel to Add or Remove Programs > Change or Remove Programs, check whether the following programs are present, and uninstall them:

    *Messenger Plus <== you installed this one with the sponsors, and this is also the reason for those blue toolbars, icons on your desktop, etc.

    *Logitech Desktop Messenger <== you can reinstall this one once your log is clean if you want, but for now I'm having you uninstall it first to make things a bit clearer.

    During the uninstall of Messenger Plus you will get a sponsor window, like the example you see here: http://www.msgplus.net/images/sponsor_uninstall.jpg
    If you don't see it, have a look in your taskbar. In that window, type in the code that is shown to you and click Uninstall.
    Then simply follow the further instructions that are given.
    After this is done, reboot your PC.

    After you have rebooted your PC, post a new HijackThis log and then we'll tackle the rest of your problems.
    Careful: after posting that log, do NOT reboot again or start removing things or scanning with anti-spyware scanners. Then just follow the steps that I will give you.
    Microsoft MVP - Consumer Security
    Director of Research @ Malwarebytes


    • #3
      My 2nd logfile

      Logfile of HijackThis v1.99.0
      Scan saved at 15:38:27, on 30-12-2004
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
      C:\Program Files\Softwin\BitDefender8\vsserv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
      C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
      C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
      C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
      C:\WINDOWS\System32\RUNDLL32.EXE
      E:\downloads\quicktime\qttask.exe
      C:\Program Files\Softwin\BitDefender8\bdmcon.exe
      C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
      C:\Program Files\Softwin\BitDefender8\bdswitch.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\WINDOWS\System32\??chost.exe
      E:\Program Files\Tweak-XP Pro 3\AdBlocker.exe
      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
      E:\Program Files\WinZip\WZQKPICK.EXE
      C:\WINDOWS\System32\wuauclt.exe
      E:\Program Files\Mozilla\firefox.exe
      C:\Documents and Settings\Danny.THUIS\Bureaublad\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pxnragcfulzbytoee.com/5dSp2quTpFZ6ZZ2uU73iIt0kEYBb6_dOGgN0FWfZ2XvRmcfUB_qLtqOA0a0KjywT.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\fbikl.dll/sp.html#37680
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fbikl.dll/sp.html#37680
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - Default URLSearchHook is missing
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {949C22B6-F320-E403-AF31-7D507C16EE96} - C:\WINDOWS\crvb.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll (file missing)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
      O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
      O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
      O4 - HKLM\..\Run: [apiar32.exe] C:\WINDOWS\system32\apiar32.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [ntao32.exe] C:\WINDOWS\system32\ntao32.exe
      O4 - HKLM\..\Run: [QuickTime Task] "E:\downloads\quicktime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
      O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender8\\bdmcon.exe
      O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
      O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender8\\bdnagent.exe
      O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [Zfcpo] C:\WINDOWS\System32\??chost.exe
      O4 - HKCU\..\Run: [BlockAds] "E:\Program Files\Tweak-XP Pro 3\AdBlocker.exe"
      O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\Xfire.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
      O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
      O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
      O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
      O15 - Trusted IP range: 206.161.125.149
      O15 - Trusted IP range: (HKLM)
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://ocx3.advnt01.com/dialer/olanda_ver3.CAB
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
      O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
      O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.*****harem.com/stream/mmp.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games4.cab
      O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
      O16 - DPF: {FF521631-31DA-48AC-B4E9-390A7694C906} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1030_1_146_EN_XP.cab
      O23 - Service: BitDefender Scan Server - Unknown - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
      O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
      O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      O23 - Service: BitDefender Virus Shield - Unknown - C:\Program Files\Softwin\BitDefender8\vsserv.exe
      O23 - Service: BitDefender Communicator - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
      O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\ipiv.exe (file missing)



      • #4
        It is very important that you follow the next steps in the exact order in which I give them.
        Please try not to miss anything, or we will have to start all over again.

        * Download and install CCleaner
        Do not use it yet

        * Download AboutBuster.
        Unzip AboutBuster.zip. You will see a folder containing Aboutbuster.exe and reflist.dll.
        From that folder, double-click AboutBuster.exe. Click OK, Update, Check For Update and download the updates if there are any.
        Then click Exit, because you must not let the program scan yet.
        (If you get an error message in AboutBuster, or the program does not work, download missingfilesetup.exe
        If you still keep getting that error message, post it here first before you continue with the next steps. Do state clearly exactly which error message you get.)

        * Download hsafix.
        Unzip hsafix to your desktop but do not click it yet.

        * Download CWShredder. Do not run it yet!

        * It is best to print this out or save it in Notepad, because later you will have to be in safe mode and this page will not be available.

        * Make sure that hidden folders and files are displayed.
        Go to Start and click My Computer.
        In the menu bar select Tools and then Folder Options.
        Select the View tab.
        Under Hidden files and folders select Show hidden files and folders.
        Under Files and Folders remove the check mark at: Hide protected operating system files (Recommended).
        Click Yes to confirm.
        Click OK.

        * Now start your PC in SAFE MODE.
        During start-up, hold down the F8 key until the boot menu appears.
        In this menu choose the option "Safe Mode".

        * Open Task Manager (CTRL-ALT-DEL) and end the following processes if present:
        (Quite possibly you will not see any of these processes in Task Manager, but do double-check)

        ipiv.exe

        * Start HijackThis and click Scan. Check the following items:

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pxnragcfulzbytoee.com/5d...OA0a0KjywT.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\fbikl.dll/sp.html#37680
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fbikl.dll/sp.html#37680
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

        R3 - Default URLSearchHook is missing

        O2 - BHO: (no name) - {949C22B6-F320-E403-AF31-7D507C16EE96} - C:\WINDOWS\crvb.dll

        O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll (file missing)

        O4 - HKLM\..\Run: [apiar32.exe] C:\WINDOWS\system32\apiar32.exe
        O4 - HKLM\..\Run: [ntao32.exe] C:\WINDOWS\system32\ntao32.exe
        O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
        O4 - HKCU\..\Run: [Zfcpo] C:\WINDOWS\System32\??chost.exe

        O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
        O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)

        O15 - Trusted IP range: 206.161.125.149
        O15 - Trusted IP range: (HKLM)

        O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://ocx3.advnt01.com/dialer/olanda_ver3.CAB
        O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_44.cab
        O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptem...iveSecurity.cab
        O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.*****harem.com/stream/mmp.cab
        O16 - DPF: {FF521631-31DA-48AC-B4E9-390A7694C906} (EGEGAUTH Class) - http://akamai.downloadv3.com/binari...1_146_EN_XP.cab

        O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\ipiv.exe (file missing)


        * Now click 'Fix Checked'.

        * Using Explorer, manually delete the following items if present:

        C:\WINDOWS\system32\ipiv.exe
        C:\WINDOWS\System32\??chost.exe <== this one has 2 strange characters at the start
        C:\WINDOWS\System32\tibs3.exe
        C:\WINDOWS\system32\ntao32.exe
        C:\WINDOWS\system32\apiar32.exe
        C:\WINDOWS\crvb.dll
        C:\WINDOWS\fbikl.dll

        * Now double-click hsafix, which you downloaded to your desktop at the beginning.
        If you are asked whether you want to add it to the registry, click Yes.

        * Start AboutBuster and let it scan.
        Then let it scan once more to make sure that AboutBuster can actually finish its job.
        Then click 'save log'

        * Start CWShredder and click FIX

        * Start CCleaner and click Run Cleaner (bottom right)
        When that is done, reboot your PC back into normal mode.

        * Then do an online virus scan: TrendMicro Housecall.

        * Post a new HijackThis log + the AboutBuster log
        Microsoft MVP - Consumer Security
        Director of Research @ Malwarebytes
        My Blog



        • #5
          Thanks for your help

          Scanned at: 17:10:51 on: 30-12-2004

          AB Log File
          ------------------------------
          -- Scan 1 ---------------------------
          About:Buster Version 4.0
          Reference List : 21


          Removed Data Streams:
          C:\WINDOWS\addih.dll:dbwzh
          C:\WINDOWS\alchem(3).iniafkq
          C:\WINDOWS\AllState.ini:nhuyh
          C:\WINDOWS\apijb32.dll:bkxvi
          C:\WINDOWS\appds.dll:qolvy
          C:\WINDOWS\appdu32.dll:jtqec
          C:\WINDOWS\appgv.dll:yjfrd
          C:\WINDOWS\b2_t_GTA+VICE+CITY+1%2E1+PATCH788.xml:fpcny
          C:\WINDOWS\d3nr.dll:iobuj
          C:\WINDOWS\explorer.scf:sbvpu
          C:\WINDOWS\Groensteen.bmp:lbfco
          C:\WINDOWS\hlhkt.dll:eeles
          C:\WINDOWS\LOGI_MWX.EXE:njkuv
          C:\WINDOWS\LUINSTALL.LOGonbo
          C:\WINDOWS\mgguj.dll:yknfs
          C:\WINDOWS\msbl.dll:agrdk
          C:\WINDOWS\msnavpklog.txt:sqjzf
          C:\WINDOWS\mta.ini:wtqju
          C:\WINDOWS\mvmfl.dll:tfrdj
          C:\WINDOWS\n_eeifpq.log:gkoxp
          C:\WINDOWS\n_eqeghh.txtqlcf
          C:\WINDOWS\n_ikqocm.dat:zjonc
          C:\WINDOWS\n_kojzrw.log:bejvn
          C:\WINDOWS\n_mwsexk.log:ccphd
          C:\WINDOWS\n_qfgssi.txt:itxnk
          C:\WINDOWS\ocgen.log:frrgf
          C:\WINDOWS\ODBC.INI:gyyxc
          C:\WINDOWS\OEWABLog.txt:vvxko
          C:\WINDOWS\Prairie.bmp:ezgha
          C:\WINDOWS\pryqv(2).dll:rcwuk
          C:\WINDOWS\Revolt Setup Log.txt:baqcp
          C:\WINDOWS\SchedLgU.Txt:hqzxz
          C:\WINDOWS\sierra.ini:fweea
          C:\WINDOWS\ST6UNST.000:sapnc
          C:\WINDOWS\ST6UNST.EXE:hdwbh
          C:\WINDOWS\Stekkie.bmp:kqzne
          C:\WINDOWS\tsoc.log:drohp
          C:\WINDOWS\twain.dll:koncv
          C:\WINDOWS\uninst.exe:hiiaj
          C:\WINDOWS\vmmreg32.dll:vbgmk
          C:\WINDOWS\winhlp32.exe:ufkjr
          C:\WINDOWS\wmsetup10.log:xfwwu
          C:\WINDOWS\WMSysPr9.prxymfl
          C:\WINDOWS\WMSysPrx.prx:vybci
          C:\WINDOWS\Zeepbellen.bmp:sztgl


          Removed 4 Random Key Entries
          Removed! : C:\WINDOWS\rarlh.dat
          Removed! : C:\WINDOWS\System32\fjuaq.dat
          Attempted Clean Of Temp folder.
          Pages Reset... Done!

          -- Scan 2 ---------------------------
          About:Buster Version 4.0
          Reference List : 21


          Removed Data Streams:
          C:\WINDOWS\addih.dll:dbwzh
          C:\WINDOWS\alchem(3).iniafkq
          C:\WINDOWS\AllState.ini:nhuyh
          C:\WINDOWS\apijb32.dll:bkxvi
          C:\WINDOWS\appds.dll:qolvy
          C:\WINDOWS\appdu32.dll:jtqec
          C:\WINDOWS\appgv.dll:yjfrd
          C:\WINDOWS\b2_t_GTA+VICE+CITY+1%2E1+PATCH788.xml:fpcny
          C:\WINDOWS\d3nr.dll:iobuj
          C:\WINDOWS\explorer.scf:sbvpu
          C:\WINDOWS\Groensteen.bmp:lbfco
          C:\WINDOWS\hlhkt.dll:eeles
          C:\WINDOWS\LOGI_MWX.EXE:njkuv
          C:\WINDOWS\LUINSTALL.LOGonbo
          C:\WINDOWS\mgguj.dll:yknfs
          C:\WINDOWS\msbl.dll:agrdk
          C:\WINDOWS\msnavpklog.txt:sqjzf
          C:\WINDOWS\mta.ini:wtqju
          C:\WINDOWS\mvmfl.dll:tfrdj
          C:\WINDOWS\n_eeifpq.log:gkoxp
          C:\WINDOWS\n_eqeghh.txtqlcf
          C:\WINDOWS\n_ikqocm.dat:zjonc
          C:\WINDOWS\n_kojzrw.log:bejvn
          C:\WINDOWS\n_mwsexk.log:ccphd
          C:\WINDOWS\n_qfgssi.txt:itxnk
          C:\WINDOWS\ocgen.log:frrgf
          C:\WINDOWS\ODBC.INI:gyyxc
          C:\WINDOWS\OEWABLog.txt:vvxko
          C:\WINDOWS\Prairie.bmp:ezgha
          C:\WINDOWS\pryqv(2).dll:rcwuk
          C:\WINDOWS\Revolt Setup Log.txt:baqcp
          C:\WINDOWS\SchedLgU.Txt:hqzxz
          C:\WINDOWS\sierra.ini:fweea
          C:\WINDOWS\ST6UNST.000:sapnc
          C:\WINDOWS\ST6UNST.EXE:hdwbh
          C:\WINDOWS\Stekkie.bmp:kqzne
          C:\WINDOWS\tsoc.log:drohp
          C:\WINDOWS\twain.dll:koncv
          C:\WINDOWS\uninst.exe:hiiaj
          C:\WINDOWS\vmmreg32.dll:vbgmk
          C:\WINDOWS\winhlp32.exe:ufkjr
          C:\WINDOWS\wmsetup10.log:xfwwu
          C:\WINDOWS\WMSysPr9.prxymfl
          C:\WINDOWS\WMSysPrx.prx:vybci
          C:\WINDOWS\Zeepbellen.bmp:sztgl


          Attempted Clean Of Temp folder.
          Pages Reset... Done!


          HijackThis Log File
          ------------------------------
          Logfile of HijackThis v1.99.0
          Scan saved at 17:23:33, on 30-12-2004
          Platform: Windows XP (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 (6.00.2600.0000)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
          C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
          C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
          C:\WINDOWS\System32\RUNDLL32.EXE
          E:\downloads\quicktime\qttask.exe
          C:\Program Files\Softwin\BitDefender8\bdmcon.exe
          C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
          C:\Program Files\Softwin\BitDefender8\bdswitch.exe
          C:\WINDOWS\System32\ctfmon.exe
          C:\Program Files\Logitech\MouseWare\system\em_exec.exe
          E:\Program Files\Tweak-XP Pro 3\AdBlocker.exe
          C:\Program Files\Norton AntiVirus\navapsvc.exe
          C:\WINDOWS\System32\nvsvc32.exe
          E:\Program Files\WinZip\WZQKPICK.EXE
          E:\Program Files\Xfire\Xfire.exe
          C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\ZoneLabs\vsmon.exe
          C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
          C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
          C:\Program Files\Softwin\BitDefender8\vsserv.exe
          E:\Program Files\Mozilla\firefox.exe
          C:\WINDOWS\system32\NOTEPAD.EXE
          E:\Program Files\HijackThis.exe

          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
          O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
          O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
          O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
          O4 - HKLM\..\Run: [QuickTime Task] "E:\downloads\quicktime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender8\\bdmcon.exe
          O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
          O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender8\\bdnagent.exe
          O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
          O4 - HKCU\..\Run: [BlockAds] "E:\Program Files\Tweak-XP Pro 3\AdBlocker.exe"
          O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\Xfire.exe
          O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
          O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
          O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
          O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
          O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
          O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
          O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
          O15 - Trusted IP range: 206.161.125.149
          O15 - Trusted IP range: (HKLM)
          O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
          O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
          O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games4.cab
          O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
          O23 - Service: BitDefender Scan Server - Unknown - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
          O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
          O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
          O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
          O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
          O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
          O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
          O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
          O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
          O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
          O23 - Service: BitDefender Virus Shield - Unknown - C:\Program Files\Softwin\BitDefender8\vsserv.exe
          O23 - Service: BitDefender Communicator - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe



          • #6
            Looks a lot better already, doesn't it? Well done!!

            Now to tackle the leftovers:

            Download Hoster
            Unzip Hoster to a folder of its own, e.g. C:\Hoster
            Start Hoster.exe, click 'Restore Original Hosts' and click OK. Then close the program.

            * Start HijackThis and check the following items:

            O15 - Trusted IP range: 206.161.125.149
            O15 - Trusted IP range: (HKLM)


            * Close all open windows except HijackThis and click: Fix Checked.

            This hijacker may have deleted certain files. Check whether the following are still present:

            #Control.exe: Located in your C:\WINDOWS\system32. Download it here if it is missing.
            Do download the version that matches your system and copy it back to the folder in question.

            #SDHelper.dll: If you use Spybot Search & Destroy, this hijacker can also delete the file SDHelper.dll.
            Download SDHelper.dll: sdhelper.
            Put the file in the installation folder of Spybot Search & Destroy. Usually this is C:\Program Files\Spybot - Search & Destroy

            #Shell.dll: Check whether shell.dll is in your C:\WINDOWS\SYSTEM32 folder. Download it here if it is missing

            Then reboot your PC one more time and post one very last new HijackThis log as a check-up.
            Microsoft MVP - Consumer Security
            Director of Research @ Malwarebytes
            My Blog

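The before/after comparison this thread does by eye, checking a follow-up HijackThis log against the list of items marked for "Fix Checked", can be scripted. The sketch below is an added example, not part of the thread or of HijackThis; the function names are assumptions, and the sample lines are excerpts from the fix list in post #4 and the follow-up log in post #5.

```python
import re

# A HijackThis result line is "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] path".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return (code, detail) for every result line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def entry_key(entry):
    """Build a comparison key that survives forum URL shortening and case changes.

    Entries that carry a CLSID are keyed on the text before it plus the CLSID,
    so a URL the forum shortened to "c...DC_1_0_0_44.cab" still matches.
    Entries without a CLSID are keyed on their whitespace-normalised text.
    """
    code, detail = entry
    clsid = CLSID_RE.search(detail)
    if clsid:
        head = " ".join(detail[:clsid.start()].split()).casefold()
        return (code, head, clsid.group(0).upper())
    return (code, " ".join(detail.split()).casefold())


def verify_fix(fix_list_text, after_log_text):
    """Split the fix list into entries gone from the later log and entries still there."""
    remaining = {entry_key(e) for e in parse_entries(after_log_text)}
    result = {"removed": [], "still_present": []}
    for entry in parse_entries(fix_list_text):
        bucket = "still_present" if entry_key(entry) in remaining else "removed"
        result[bucket].append(entry)
    return result


# Excerpt of the items marked for "Fix Checked" in post #4 (URL shortened by the forum).
FIX_LIST = r"""
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKCU\..\Run: [Zfcpo] C:\WINDOWS\System32\??chost.exe
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_44.cab
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\ipiv.exe (file missing)
"""

# Excerpt of the follow-up log in post #5.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.0
Scan saved at 17:23:33, on 30-12-2004
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
"""

if __name__ == "__main__":
    report = verify_fix(FIX_LIST, AFTER_LOG)
    for status, entries in report.items():
        for code, detail in entries:
            print(f"{status:13} {code} - {detail}")
```

On these excerpts the two O15 entries are reported as still present, the same leftovers post #6 asks to fix again.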


            • #7
              Logfile of HijackThis v1.99.0
              Scan saved at 17:16:43, on 31-12-2004
              Platform: Windows XP (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 (6.00.2600.0000)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
              C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Norton AntiVirus\navapsvc.exe
              C:\WINDOWS\System32\nvsvc32.exe
              C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\ZoneLabs\vsmon.exe
              C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
              C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
              C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
              C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
              C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
              C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
              C:\WINDOWS\System32\RUNDLL32.EXE
              E:\downloads\quicktime\qttask.exe
              C:\Program Files\Softwin\BitDefender8\bdmcon.exe
              C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
              C:\Program Files\Softwin\BitDefender8\bdswitch.exe
              C:\WINDOWS\System32\ctfmon.exe
              E:\Program Files\Tweak-XP Pro 3\AdBlocker.exe
              C:\Program Files\Softwin\BitDefender8\vsserv.exe
              C:\Program Files\Logitech\MouseWare\system\em_exec.exe
              E:\Program Files\WinZip\WZQKPICK.EXE
              E:\Program Files\Xfire\Xfire.exe
              E:\Program Files\HijackThis.exe
              C:\WINDOWS\System32\wuauclt.exe

              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
              O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
              O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
              O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
              O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
              O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
              O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
              O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
              O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
              O4 - HKLM\..\Run: [QuickTime Task] "E:\downloads\quicktime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender8\\bdmcon.exe
              O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
              O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender8\\bdnagent.exe
              O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
              O4 - HKCU\..\Run: [BlockAds] "E:\Program Files\Tweak-XP Pro 3\AdBlocker.exe"
              O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\Xfire.exe
              O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
              O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
              O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
              O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
              O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
              O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
              O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
              O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
              O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
              O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
              O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
              O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games4.cab
              O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
              O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
              O23 - Service: BitDefender Scan Server - Unknown - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
              O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
              O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
              O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
              O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
              O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
              O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
              O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
              O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
              O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
              O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
              O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
              O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
              O23 - Service: BitDefender Virus Shield - Unknown - C:\Program Files\Softwin\BitDefender8\vsserv.exe
              O23 - Service: BitDefender Communicator - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe



              • #8
                Looks nice and clean again! Well done!!

                How to prevent this kind of situation:

                Visit http://windowsupdate.microsoft.com/ ASAP,
                because you don't even have SP1 on your system. As long as you don't have the updates, your system will remain insecure.

                Run Hitman Pro regularly.

                And consider choosing an alternative browser such as Opera or Firefox.

                I also recommend running an online virus scan now and then: HouseCall and/or BitDefender. What one scanner can't find, another might.
                Also make sure the virus scanner installed on your system is always up to date!!

                Also have a look at these 2 videos. Very interesting:



                Happy surfing again, and best wishes for a malware-free 2005.
                Microsoft MVP - Consumer Security
                Director of Research @ Malwarebytes
                My Blog



                • #9
                  I have a problem installing SP1 and SP2: when I start the setup, during the inventory step I get a message that the file atapi.sys is in use by another program. Because of that I can't install SP1. I hope you can help me with it.

                  And a happy New Year, BTW.
                  Last edited by Botloos; 01-01-05, 13:30.



                  • #10
                    Have a read here:

                    Microsoft support is here to help you with Microsoft products. Find how-to articles, videos, and training for Microsoft 365, Windows, Surface, and more.
                    Microsoft MVP - Consumer Security
                    Director of Research @ Malwarebytes
                    My Blog
