dionysos
wzl-lid
Sinds 26/9/2004
T:9 -
R:501
|
12/12/2004 -
20:35u
| Quote
|
rechts vanonder in je startbalk staan allemaal icoontjes -> hoe minder icoontjes hoe sneller je pc werkt probeer dus wa van die managers uit te zetten!
C:\WINDOWS\Mixer.exe -> wat is dit? ziet er nogal raar uit als je totaal nie weet wat het is verwijder dan de exe C:\WINDOWS\system32\NotifyPhoneBook.exe -> ziet er me ook nogal raar uit C:\Program Files\INTERVIDEO\COMMON\BIN\WinCinemaMgr.exe kweet nie wa voor programma da is maar probeer da weg te krijge  C:\WINDOWS\system32\wdfmgr.exe -> verdacht! C:\WINDOWS\System32\MsPMSPSv.exe -> ook nogal rare exe (denk nie dat die er zou moeten staan!) C:\WINDOWS\System32\alg.exe -> ook rare exe C:\WINDOWS\system32\wuauclt.exe -> nog een rarn 
al die exe's zijn waarschijnlijk spyware dus je zou mss best eens kijke voor een een goed anti-spyware programma of gewoon eens kijk bij add en remove programs kijke welke programmas geinstaleert zijn die spyware zijn (bv. My Search, ...) veel success
|
Cmax
WZL-lid
Sinds 4/6/2003
T:7 -
R:234
|
13/12/2004 -
8:49u
| Quote
|
dionysos schreef: al die exe's zijn waarschijnlijk spyware dus je zou mss best eens kijke voor een een goed anti-spyware programma of gewoon eens kijk bij add en remove programs kijke welke programmas geinstaleert zijn die spyware zijn (bv. My Search, ...) veel success 
kijk, voor je al die commentaar op die exe's post kan je best eerst eens nakijken of die toevallig ook niet standaard windows exe's zijn. hij heeft helemaal geen gelijk buiten de bovenste 2. (tenzij jij weet voor wat ze dienen, maar ik ken ze niet) Al de rest zijn standaard windows xp exe's of programma related. en wat stellen al die voor? die staan daar op de raarste plaatsen...
voor je zoiets aanraad van te verwijderen kijk dat best na, want zomaar exe's verwijderen uit uw system32 kan nare gevolgen hebben.
Laatst aangepast door
Cmax
op 13/12/2004 8:53:52u
(3x aangepast)
|
dionysos
wzl-lid
Sinds 26/9/2004
T:9 -
R:501
|
13/12/2004 -
21:05u
| Quote
|
daarom dat ze altijd virusse en spyware in system32 smijte geloof me keb et zelf ook nog gedaan
|
jeevee
wzl-lid
Sinds 9/1/2004
T:5 -
R:37
|
13/12/2004 -
23:03u
| Quote
|
Ad-Aware !!
Laatst aangepast door
jeevee
op 13/12/2004 23:03:48u
(1x aangepast)
|
THeMiNDeD
wzl-lid
Sinds 14/12/2004
T:0 -
R:1
|
14/12/2004 -
13:06u
| Quote
|
euhm wel ok ff bij vermelde ze hebben het hier allemaal over spy en toolbars etc etc etc maar hetgeen wat ik hier nog niet heb gezien ... Temporary internet files goe leeggemaakt? en ook u temp ???????????????????????????????????????????? maakt die is eerst goe leeg en defreg dan is....
|
jimbaar
Nerdus superiorum
Sinds 4/6/2003
T:56 -
R:1193
|
16/12/2004 -
20:00u
| Quote
|
Ad-Aware !!
Mac OS X
|
Darunia
wzl-lid
Sinds 18/12/2004
T:6 -
R:336
|
24/12/2004 -
9:52u
| Quote
|
hoi, indien er nog problemen zijn, post snel even een nieuwe log. Ik kijk hem dan zo snel mogelijk voor je na. In je vorige log is te zien dat je toch wat troep op je pc hebt staan. Spyware wisselt frequent van naam, daarom heb ik een nieuwe log nodig. Ik weet dat dit eerder een oud onderwerp is maar misschien sukkel je nog met het probleem...
|
Vibra
wzl-lid
Sinds 24/9/2004
T:19 -
R:1060
|
24/12/2004 -
21:32u
| Quote
|
aangezien da ge toch zo graag wilt controleren controleert dan de mijne eens :
C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\temp\salm.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Web_Rebates\WebRebates0.exe C:\Program Files\Windows ServeAd\WinServAd.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\program files\steam\steam.exe C:\Program Files\Windows ServeAd\WinServSuit.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BMT MouseTracker\MouseTrack.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Samurize\Client.exe C:\Program Files\TextBridge Pro 9.0\Bin\Ereg\Remind32.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Web_Rebates\WebRebates1.exe C:\Program Files\Crazy Browser\Crazy Browser.exe D:\Arne\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Acronis True Image Monitor] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe" O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [nadod] C:\WINDOWS\nadod.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [salm] c:\temp\salm.exe O4 - HKLM\..\Run: [tapkfyd] C:\WINDOWS\tapkfyd.exe O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe" O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\FlatBed\HotKey.exe O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BMT] C:\Program Files\BMT MouseTracker\MouseTrack.exe O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 9.0\Bin\Ereg\Remind32.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res /C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Web Rebates - file /C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE 6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=206a699e9ed002b764e389490796fb536ca1eceedef00fe00861e04964b74e26b235adf0c31b37010e 2c69b6760c019447ee1641cd70938325:23e58dabdfe8c5d6602b8bf1fcecd7ff O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093258087570 O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://virusscan.zdnet.nl/housecall/xscan53.cab O23 - Service: Acronis Scheduler2 Service - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
|
Darunia
wzl-lid
Sinds 18/12/2004
T:6 -
R:336
|
25/12/2004 -
9:15u
| Quote
|
Ok, eerst zorgen dat alle verborgen mappen weergegeven worden. Daarna naar configuratiescherm>software gaan om volgende programma's te verwijderen.
WebRebates Windows Adserver
Start de computer vervolgens opnieuw op in veilige modus.
Sluit alle open vensters, draai hijackthis opnieuw en fix volgende regels:
R3 - Default URLSearchHook is missing O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL O4 - HKLM\..\Run: [nadod] C:\WINDOWS\nadod.exe O4 - HKLM\..\Run: [salm] c:\temp\salm.exe O4 - HKLM\..\Run: [tapkfyd] C:\WINDOWS\tapkfyd.exe O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe" O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe O8 - Extra context menu item: Web Rebates - file/C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=206a699e9ed002b764e389490796fb536ca1eceedef00fe00861e04964b74e26b235adf0c31b37010e2c69b6760c019447ee1641cd70938325:23e58dabdfe8c5d6602b8bf1fcecd7ff
Verwijder de volgende bestanden en/of mappen indien aanwezig: C:\WINDOWS\nadod.exe (bestand) C:\WINDOWS\tapkfyd.exe (bestand) C:\Program Files\Web_Rebates (map) C:\Program Files\Windows ServeAd (map)
Start de computer opnieuw op en post een nieuwe log. (Dit keer de volledige, ook de bovenste regels waar instaat wat voor pc e.d. je hebt )
|
Vibra
wzl-lid
Sinds 24/9/2004
T:19 -
R:1060
|
25/12/2004 -
11:43u
| Quote
|
waar stelde da in da alle mappen weergegeven worden
|
Vibra
wzl-lid
Sinds 24/9/2004
T:19 -
R:1060
|
25/12/2004 -
12:08u
| Quote
|
Na gedaan te hebben wa ge wilde heb ik nu dit:
Logfile of HijackThis v1.99.0 Scan saved at 12:06:58, on 25/12/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Twain_32\FlatBed\HotKey.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\program files\steam\steam.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BMT MouseTracker\MouseTrack.exe C:\Program Files\Samurize\Client.exe C:\Program Files\TextBridge Pro 9.0\Bin\Ereg\Remind32.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe D:\Arne\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Acronis True Image Monitor] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe" O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\FlatBed\HotKey.exe O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BMT] C:\Program Files\BMT MouseTracker\MouseTrack.exe O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 9.0\Bin\Ereg\Remind32.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res /C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093258087570 O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://virusscan.zdnet.nl/housecall/xscan53.cab O23 - Service: Acronis Scheduler2 Service - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
|
Darunia
wzl-lid
Sinds 18/12/2004
T:6 -
R:336
|
25/12/2004 -
23:28u
| Quote
|
Start>Deze computer>Extra>Mapopties>tab Weergave>'Verborgen bestanden en mappen weergeven' Bij Bestanden en mappen haal je het vinkje weg bij: Beveiligde besturingssysteembestanden verbergen (aanbevolen).
Zo geef je verborgen bestanden weer. Kijk of je nog iets vindt. Indien ja, nieuwe log. Indien nee, ga ik met je laatste log verder.
|
Vibra
wzl-lid
Sinds 24/9/2004
T:19 -
R:1060
|
26/12/2004 -
0:42u
| Quote
|
Geen zin om te kijken of er iets verandert is 
Logfile of HijackThis v1.99.0 Scan saved at 0:42:10, on 26/12/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Twain_32\FlatBed\HotKey.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\program files\steam\steam.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BMT MouseTracker\MouseTrack.exe C:\Program Files\Samurize\Client.exe C:\Program Files\TextBridge Pro 9.0\Bin\Ereg\Remind32.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\System32\rsvp.exe C:\Program Files\Crazy Browser\Crazy Browser.exe C:\Program Files\Messenger\msmsgs.exe D:\Arne\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Acronis True Image Monitor] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl-be\msnappau.exe" O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\FlatBed\HotKey.exe O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BMT] C:\Program Files\BMT MouseTracker\MouseTrack.exe O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 9.0\Bin\Ereg\Remind32.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res /C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093258087570 O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://virusscan.zdnet.nl/housecall/xscan53.cab O23 - Service: Acronis Scheduler2 Service - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
|
Darunia
wzl-lid
Sinds 18/12/2004
T:6 -
R:336
|
26/12/2004 -
10:41u
| Quote
|
Ziet er goed uit nu. Maak nu je Temp-map nog leeg: Start>Uitvoeren> tik in: %TEMP%. Selecteer alle bestanden in deze map en verwijder ze.
|
Vibra
wzl-lid
Sinds 24/9/2004
T:19 -
R:1060
|
26/12/2004 -
18:20u
| Quote
|
thx dude
|