Mededeling

Collapse
No announcement yet.

Pictogramma, favorieten en searchbalk

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    Pictogramma, favorieten en searchbalk

    Hallo

    Heb opeens wel heel hardnekkige pictogrammen op mijn bureaublad, ze zijn niet te verwijderen met rechtsklikken. Verder staat er opeens een hele nieuwe rij bij mijn favorieten en dan ook nog een een zoekbalk.

    Heb ad-aware en spybot al gebruikt. Wie kan mij a.u.b. helpen?

    Hier volgt mijn log:

    Logfile of HijackThis v1.99.0
    Scan saved at 19:31:17, on 30-12-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Free Surfer\fs20.exe
    C:\PROGRA~1\ADSLUS~1\bin\win2k\tidslmon.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\OPLIMIT\ocrawr32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackthis.exe
    c:\progra~1\intern~1\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rnydwzrljzshoizdurswteztv.com/v7UtLEcVBOXOOay4yFISg8f52WcfqbM0qjmZPmseFyLOO8ewMoZLj_IZGpy0ASf4.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nedstatbasic.net/s?tab=1&link=1&id=751257&name=kaneteller
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.worldonline.nl:8080
    F3 - REG:win.ini: load=C:\OPLIMIT\ocraware.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {39250135-0F5F-E1C8-8810-8A566EFADBBF} - C:\DOCUME~1\Baauw\APPLIC~1\SITEON~1\mapi draw.exe
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {62E6F493-9281-E590-DE29-91B0AA2F4373} - C:\PROGRA~1\SITEON~1\Bias Info.exe (file missing)
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
    O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\ADSLUS~1\bin\win2k\tidslmon.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [dale body frag comp] C:\Documents and Settings\All Users\Application Data\Chic Bend Dale Body\hidetwo.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [Idol Owns] C:\DOCUME~1\Baauw\APPLIC~1\BAGS01~1\Bone Bike.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\OFFICE\OSA9.EXE
    O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
    O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
    O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    Labels: Geen
    • Citaat
  • #2
    Hoi,

    Je hebt blijkbaar messenger plus met sponsers geïnstalleerd. Dus, ik raad je aan om eerst messenger plus te deïnstalleren. Die kan je wanneer je systeem terug clean is terug installeren, maar deze keer zonder sponsers. (Deze optie kan je kiezen bij het begin van de installatie).

    Tijdens de uninstall ervan zal je een sponservenster krijgen zoals je hier een voorbeeld ziet: http://www.msgplus.net/images/sponsor_uninstall.jpg
    Als je deze niet ziet, kijk dan eens in je taakbar. In dat venster typ je de code in die je te zien krijgt en klik op uninstall.
    Dan gewoon verdere instructies opvolgen die gegeven worden.
    Nadat dit gedaan is, reboot je je pc en post een nieuw hijackthislogje.
    Microsoft MVP - Consumer Security
    Director of Research @ Malwarebytes
    Mijn Blog
    • Citaat

    Comment

    • #3
      Bedankt voor je reaktie.

      Ik weet niet of het helemaal goed gelukt is om messenger plus te deïnstalleren.

      Heb in ieder geval een nieuwe log gemaakt, wat kan ik verder doen om van alle spyware af te komen?


      Logfile of HijackThis v1.99.0
      Scan saved at 12:39:58, on 3-1-2005
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\crypserv.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ntvdm.exe
      C:\Program Files\Logitech\iTouch\iTouch.exe
      C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Free Surfer\fs20.exe
      C:\PROGRA~1\ADSLUS~1\bin\win2k\tidslmon.exe
      C:\WINDOWS\System32\LXSUPMON.EXE
      C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
      C:\OPLIMIT\ocrawr32.exe
      C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      c:\progra~1\intern~1\iexplore.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program Files\hijackthis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.towkisuvrsmkvgclgb.com/v7UtLEcVBOXOOay4yFISg8f52WcfqbM0qjmZPmseFyIlQLJ7AUPyzuIZGpy0ASf4.jsp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nedstatbasic.net/s?tab=1&link=1&id=751257&name=kaneteller
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.worldonline.nl:8080
      F3 - REG:win.ini: load=C:\OPLIMIT\ocraware.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {39250135-0F5F-E1C8-8810-8A566EFADBBF} - C:\DOCUME~1\Baauw\APPLIC~1\SITEON~1\Bias Info.exe
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: (no name) - {62E6F493-9281-E590-DE29-91B0AA2F4373} - C:\PROGRA~1\SITEON~1\Bias Info.exe (file missing)
      O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
      O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
      O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
      O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
      O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\ADSLUS~1\bin\win2k\tidslmon.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
      O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
      O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [dale body frag comp] C:\Documents and Settings\All Users\Application Data\Chic Bend Dale Body\Plan tick.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [Idol Owns] C:\DOCUME~1\Baauw\APPLIC~1\BAGS01~1\Bone Bike.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\OFFICE\OSA9.EXE
      O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
      O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
      O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
      O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
      O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
      O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      • Citaat

      Comment

      • #4
        Ok.. we zullen de restanten dan manueel aanpakken.

        * Zorg ervoor dat je verborgen mappen en bestanden weergegeven zijn. Hoe deze weer te geven.

        * Start hijackthis en vink volgende items aan:

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.towkisuvrsmkvgclgb.com/v...uIZGpy0ASf4.jsp
        O2 - BHO: (no name) - {39250135-0F5F-E1C8-8810-8A566EFADBBF} - C:\DOCUME~1\Baauw\APPLIC~1\SITEON~1\Bias Info.exe
        O2 - BHO: (no name) - {62E6F493-9281-E590-DE29-91B0AA2F4373} - C:\PROGRA~1\SITEON~1\Bias Info.exe (file missing)
        O4 - HKLM\..\Run: [dale body frag comp] C:\Documents and Settings\All Users\Application Data\Chic Bend Dale Body\Plan tick.exe
        O4 - HKCU\..\Run: [Idol Owns] C:\DOCUME~1\Baauw\APPLIC~1\BAGS01~1\Bone Bike.exe
        O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)

        * Sluit alle open vensters behalve hijackthis en klik: Fix Checked.

        * Start nu je pc op in VEILIGE MODE. Hoe start ik in veilige mode op.

        * Zoek daarna via verkenner volgende items en verwijder deze manueel indien nog aanwezig:

        C:\DOCUMENTS AND SETTINGS\Baauw\APPLICATION DATA\SITEON... <==deze map (begint mey deze letters)
        C:\PROGRAM FILES\SITEON... <==deze map
        C:\Documents and Settings\All Users\Application Data\Chic Bend Dale Body <==deze map
        C:\DOCUMENTS AND SETTINGS\Baauw\APPLICATION DATA\BAGS01... <==deze map

        * Reboot je pc terug normaal en post een nieuw hijackthislogje.
        Microsoft MVP - Consumer Security
        Director of Research @ Malwarebytes
        Mijn Blog
        • Citaat

        Comment

        • #5
          Hoi Miekiemoes

          Ik geloof dat het de goede kant opgaat.
          Heb gedaan wat je schreef.


          Bijgaand mijn nieuwe log:


          Logfile of HijackThis v1.99.0
          Scan saved at 14:35:42, on 3-1-2005
          Platform: Windows XP SP1 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\LEXBCES.EXE
          C:\WINDOWS\system32\LEXPPS.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\Program Files\Norton AntiVirus\navapsvc.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\ntvdm.exe
          C:\Program Files\Logitech\iTouch\iTouch.exe
          C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\Program Files\Free Surfer\fs20.exe
          C:\PROGRA~1\ADSLUS~1\bin\win2k\tidslmon.exe
          C:\WINDOWS\System32\LXSUPMON.EXE
          C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\WINDOWS\system32\dla\tfswctrl.exe
          C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
          C:\OPLIMIT\ocrawr32.exe
          C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\WINDOWS\System32\ctfmon.exe
          C:\WINDOWS\System32\wuauclt.exe
          C:\Program Files\hijackthis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nedstatbasic.net/s?tab=1&link=1&id=751257&name=kaneteller
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.worldonline.nl:8080
          F3 - REG:win.ini: load=C:\OPLIMIT\ocraware.exe
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
          O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
          O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
          O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
          O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
          O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
          O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\ADSLUS~1\bin\win2k\tidslmon.exe
          O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
          O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
          O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
          O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
          O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
          O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
          O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\OFFICE\OSA9.EXE
          O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
          O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
          O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
          O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
          O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
          O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
          O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
          O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
          O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
          O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
          O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
          O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
          O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
          O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
          O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
          • Citaat

          Comment

          • #6
            Deze log ziet er terug goed uit.
            Heb je nog last van die toolbars etc.. ??

            Hoe zo'n toestanden voorkomen:

            Download en installeer alvast Hitman Pro
            Kijk op de site hoe je het programma juist moet instellen (screenshot aanwezig)
            Dit is een automatische tool die een volledige systeemscan doet met verschillende antispywarescanners zoals spybot s&d, adaware se, spysweeper.. Ook installeert het spywareblaster en configureert die automatisch voor je. Je hoeft gewoon niks te doen, Hitman Pro doet dit allemaal automatisch voor je, alsook het updaten van je antispywarescanners. Als je al bepaalde programma's hebt die Hitman ook bevat, dan is het niet nodig om deze te deïnstalleren. Laat Hitman Pro regelmatig runnen.

            Tijdens het surfen, klik niet overal klakkeloos op ja als je dit gevraagd wordt... doe dit enkel wanneer je het volledig vertrouwt.

            En kies eventueel een alternatieve browser zoals Opera of Firefox.

            En ik raad je ook aan om af en toe een online virusscan uit te voeren. housecall en/of Bitdefender. Want, wat de ene scanner niet kan vinden, kan een andere misschien wel.
            Zorg er ook voor dat je virusscanner die op je systeem geïnstalleerd is altijd up to date is!!

            En... geregeld eens een bezoekje brengen aan: http://windowsupdate.microsoft.com/

            Bekijk ook eens deze 2 filmpjes.. Heel interessant:
            http://www2.trosradar.nl/mediaplayer/player.php?videoID=524&mode=dossier#

            http://www.benedelman.org/spyware/security-111804.wmv


            Happy surfing again!
            Microsoft MVP - Consumer Security
            Director of Research @ Malwarebytes
            Mijn Blog
            • Citaat

            Comment

            • #7
              Hallo

              Ben van alle ellende verlost, nergens meer last van.
              Had dit zelf niet op kunnen lossen.
              Zal hitman pro er op zetten, windows en virusscanner update ik al regelmatig.

              Heel erg bedankt voor alle hulp!!
              • Citaat

              Comment

              • #8
                Graag gedaan hoor.
                Microsoft MVP - Consumer Security
                Director of Research @ Malwarebytes
                Mijn Blog
                • Citaat

                Comment

                Vorige template Volgende
                Sorry, you are not authorized to view this page
                Working...
                X