Spyware and other nonsense

24 answers
  • I have a few questions; I hope you can help me with them. When I press ctrl+del I see under applications: pup. Every time I restart my PC it is there again. What is this and should I remove it? Second question: when I scan my PC for spyware with Spybot, it gives a list with BackWeb Lite, but it does not tick them automatically. Can I just remove these? Third question: I have an ISearch toolbar in my Internet Explorer, but when I scan my PC with Spybot or Ad-aware it does not go away. How can I remove it? Thanks in advance.
  • Hello -TeR-, Backweb is a program that is used to check whether new updates of drivers or software are available for other programs. You can do perfectly well without Backweb. So remove it. For your other questions I would like a HijackThis log. Download HijackThis (http://www.spywareinfo.com/~merijn/files/HijackThis.exe). Save the file in a folder of its own. Not on your desktop or in your Temp files, because HijackThis makes backups in the folder it is started from. Run the program. Click scan, save log and save the log as a .txt file. Copy and paste the contents into your next post. Regards, Marc
  • OK thanks M@rc, I'll go and do it right away. Only the link doesn't work. :-? I have already found another one. :D
  • That goes nice and fast. This is the log.
    Logfile of HijackThis v1.97.7
    Scan saved at 12:11:07, on 15-4-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
  • Hello -TeR-, What is this: the EarthView folder in c:\Program files? I don't know this file: 65217226.exe (looks like malware...). If you can't place it either, remove it. I would already end this process via the task manager: C:\WINDOWS\System32\6048220.exe. And the iSearch toolbar can be a tough customer. But we are going to try. Close all open windows, run HijackThis once more and have it fix the following items:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/QuickPage/Portal/portal.html
    R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    R3 - URLSearchHook: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll
    All O1 items:
    O1 - Hosts: 127.0.0.0 localhost
    O1 - Hosts: 127.0.0.2 auditmypc.com
    O1 - Hosts: 127.0.0.3 boards.cexx.org
    O1 - Hosts: 127.0.0.4 bulletproofsoft.net
    .....
    O1 - Hosts: 127.0.0.99 www.spyware.co.uk
    O2 - BHO: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O3 - Toolbar: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll
    O4 - HKLM\..\Run: [65217226.exe] C:\WINDOWS\System32\65217226.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - ms-its:mhtml:file://C:\ss.MHT!http://toolbar.isearch.com/install/00003/chm.chm::/files/initial.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
    O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
    When you have done this, start the computer in safe mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406). Make sure that all hidden files are shown (http://www.xtra.co.nz/help/0,,4155-1916458,00.html), and delete the following files or folders if present:
    BackWeb-8876480.exe in C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
    65217226.exe in C:\WINDOWS\System32\
    Reboot and post a new HijackThis log. Messengerplus: http://www.spywareinfo.com/newsletter/archives/june-2003/3.php Regards, Marc
  • Ok, thanks m@rc, I'll go and try it. That EarthView is a kind of wallpaper of the earth; it belongs to my dad. And that 6048220.exe: the icon shown next to it is the same as the one for pup. By the way, there are more with the same icon, but I wouldn't know what it is. So I can just remove those?
  • -TeR- wrote: "Ok, thanks m@rc, I'll go and try it. That EarthView is a kind of wallpaper of the earth; it belongs to my dad." Ok thanx. -TeR- wrote: "And that 6048220.exe: the icon shown next to it is the same as the one for pup. By the way, there are more with the same icon, but I wouldn't know what it is. So I can just remove those?" Indeed, get rid of it.
  • I also see that: O4 - HKLM\..\Run: [65217226.exe] C:\WINDOWS\System32\65217226.exe has now become this: O4 - HKLM\..\Run: [72170656.exe] C:\WINDOWS\System32\72170656.exe because it is still listed below Winamp agent, and the one with 65... is no longer there.
  • I could have guessed it and should have known: PUP ----> so probably WinPUP. Hopefully your English is good enough and you know your way around the registry: Removal instructions WINPUP (http://www.kephyr.com/spywarescanner/library/winpup/index.phtml). If it doesn't work, let me know. Afterwards post a new HijackThis log. Marc
  • What do you want me to do first, that PUP, or first fix the items and post a new log? O4 - HKLM\..\Run: [72170656.exe] C:\WINDOWS\System32\72170656.exe
  • First get that Winpup off, then fix everything with HijackThis that I mentioned, and then the new log. Good luck. :wink:
  • It can't find the page. :-?
  • It does work here: http://www.kephyr.com/spywarescanner/library/winpup/index.phtml
  • :) I don't understand it at all, page cannot be displayed.
  • Winpup
    Overview: Winpup, also known as Comms and TROJ_WINPUP.B, opens pop-up windows. Winpup is bundled with Free History Cleaner. Winpup renames itself each time the process is started, making it both hard to find and remove.
    Classification: Adware
    Variants: WinPup, WinPup.WinPup32
    Files: telnat.exe, comms.exe, ogonl.exe, erflib_Perfdata_1c4P.exe, idimapm.exe, sign32i.exe, _874c.exe, fffilto.exe, axdrvf.exe, svpcntsr.exe, iprt400o.exe, ppmgmta.exe, jl11i.exe, insw.exe, p2ress.exe, tl3d32c.exe, NWISEU.exe, etshn.exe, snppagnp.exe, vicap32a.exe, _1252c.exe, ceclis.exe, dsmsexta.exe, inw.exe, skquouid.exe, skquotad.exe, erberosk.exe, ERNEL32K.exe, uaucltw.exe, sbmonu.exe, RLMONU.exe, rlu.exe, ingp.exe, etn.exe, arrhookn.exe, BTSTATN.exe, xpande.exe, axqueuef.exe, AXSVCF.exe, ingerf.exe, GI32G.exe, etc
    Vendor: Unknown
    Privacy policy: No privacy policy available
    Detection: Bazooka Adware and Spyware Scanner detects Winpup. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms, etc.
    Manual removal: Please follow the instructions below if you would like to remove Winpup manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If Winpup remains on your system after stepping through the removal instructions, please double-check by stepping through them again.
    1. Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
    2. Browse to the key: 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
    3. In the right pane, delete the values that look like the letters have been shifted around a little, for example 'ogonl', and where the file has the same name, but with the .exe extension, 'ogonl.exe'. Remember the filenames (*).
    4. Exit the registry editor.
    5. Restart your computer.
    6. Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
    7. Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ comms', if it exists.
    8. Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ pup', if it exists.
    9. Exit the registry editor.
    10. Delete '%WinDir%\telnat.exe', if it exists. Delete the files mentioned at (*).
    Note: %WinDir% is a variable (?). By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000).
  • This is what it says:
    "Please follow the instructions below if you would like to remove Winpup manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If Winpup remains on your system after stepping through the removal instructions, please double-check by stepping through them again.
    Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
    Browse to the key: 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
    In the right pane, delete the values that look like the letters have been shifted around a little, for example 'ogonl', and where the file has the same name, but with the .exe extension, 'ogonl.exe'. Remember the filenames (*).
    Exit the registry editor.
    Restart your computer.
    Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
    Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ comms', if it exists.
    Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ pup', if it exists.
    Exit the registry editor.
    Delete '%WinDir%\telnat.exe', if it exists. Delete the files mentioned at (*).
    Note: %WinDir% is a variable (?). By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000)."
  • "In the right pane, delete the values that look like the letters have been shifted around a little, for example 'ogonl', and where the file has the same name, but with the .exe extension, 'ogonl.exe'." I don't understand this part? This is what is listed there: (image: http://members.lycos.nl/tercounterstrikenl/hpbimg/Reg.gif)
  • Look for 72170656.exe or 65217226.exe or something like it with random numbers. Remember, it keeps changing its name.... edit: the one below Default...
  • Then I need the 2nd one in the picture, it seems to me?
  • yes
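
Added example, not part of the original thread: a triage pass over HijackThis lines for the two patterns discussed above, Run entries with an all-digit file name that changes at every start, and Hosts entries that point sites at 127.0.0.x. The sample lines are taken from the HijackThis log posted in this thread; the function names and the rule that an all-digit name needs one supporting signal are assumptions of this example.

```python
import ipaddress
import re
from pathlib import PureWindowsPath

# Sample lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [65217226.exe] C:\WINDOWS\System32\65217226.exe
O4 - HKLM\..\Run: [72170656.exe] C:\WINDOWS\System32\72170656.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
"""

O1_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)$")
O4_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run\w*: \[([^\]]+)\] (.+)$")


def exe_path(command):
    """Return the executable part of a Run command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return match.group(1) if match else command.split(" ", 1)[0]


def stem(name):
    """Lower-case a name and drop a trailing .exe, so 'ogonl' matches 'ogonl.exe'."""
    name = name.lower()
    return name[:-4] if name.endswith(".exe") else name


def check_hosts(ip, host):
    """Flag hosts-file lines that block a site or move localhost."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "unparseable address in hosts entry"
    if host.lower() == "localhost":
        return None if ip in ("127.0.0.1", "::1") else "localhost on a non-standard address"
    return "site redirected to loopback" if addr.is_loopback else None


def check_run(value_name, command):
    """Flag Run values with an all-digit file name plus one supporting signal."""
    path = PureWindowsPath(exe_path(command))
    reasons = []
    if stem(path.name).isdigit():
        reasons.append("all-digit file name")
    if stem(value_name) == stem(path.name):
        reasons.append("value name mirrors file name")
    if path.parent.name.lower() in ("system32", "windows", "winnt"):
        reasons.append("sits directly in the Windows directory")
    # Mirrored names in System32 are common for legitimate tools (NeroCheck),
    # so the all-digit name is required and needs at least one more signal.
    if "all-digit file name" in reasons and len(reasons) >= 2:
        return ", ".join(reasons)
    return None


def triage(log_text):
    """Return (line, reason) for every O1/O4 line that deserves a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reason = None
        if m := O1_RE.match(line):
            reason = check_hosts(*m.groups())
        elif m := O4_RE.match(line):
            reason = check_run(*m.groups())
        if reason:
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

The check does not catch the letter-shuffled names from the removal instructions (such as 'ogonl.exe'), and it leaves the BackWeb entry alone; those still need a manual look.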

This is an archived page. Replying is no longer possible.