Vraag & Antwoord

Beveiliging & privacy

Problemen websearch

13 antwoorden
  • Heb eveneens problemen met een werkbalk met daarin websearch. Dit is mijn Logfile of HijackThis v1.97.7 Scan saved at 22:44:44, on 4-7-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Outlook Express\MSIMN.EXE C:\Documents and Settings\John\Local Settings\Temp\Tijdelijke map 3 voor hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell.com/ F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe, O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKCU\..\Run: [Mini] C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1043\phdintl.dll/phdContext.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Wie kan mij helpen?
  • [code:1:3db8ee3e4a]F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe[/code:1:3db8ee3e4a] Entry fixen, indien nodig process killen en file verwijderen. Daarna rebooten en AdAware draaien.
  • Hallo Wielen, Eerst verplaatsje HijackThis. Sla HijackThis op in een eigen map. Niet op je bureaublad of in je Temp-files. HijackThis maakt namelijk backups in de map waar het opgestart wordt. Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:7387a8a2e0] F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe, O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll [/b:7387a8a2e0] Als je dit gedaan hebt [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406]start je de computer op in veilige modus[/url]. Zorg dat alle [url=http://users.pandora.be/marcvn/spyware/1117602.htm]verborgen bestanden weergegeven worden[/url], en verwijder de volgende bestanden of mappen indien aanwezig: C:\Windows\System32\wsaupdater.exe <--dit bestand. Nadien scan je met Ad-aware. Instructies over het gebruik vind je [url=http://users.pandora.be/marcvn/spyware/]hier[/url] of in de spyware-faq. groeten, Marc
  • Probleem nog niet opgelost. Hier nieuw Hijackthis logboek: Logfile of HijackThis v1.97.7 Scan saved at 11:52:10, on 5-7-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\John\Local Settings\Temp\Tijdelijke map 4 voor hijackthis.zip\HijackThis.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell.com/ O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKCU\..\Run: [Mini] C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1043\phdintl.dll/phdContext.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  • Probleem nog niet opgelost. Hier nieuw Hijackthis logboek: Logfile of HijackThis v1.97.7 Scan saved at 11:52:10, on 5-7-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\John\Local Settings\Temp\Tijdelijke map 4 voor hijackthis.zip\HijackThis.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell.com/ O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKCU\..\Run: [Mini] C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1043\phdintl.dll/phdContext.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  • Bij volledig opstarten is het Hijackthis file hetvolgende: Logfile of HijackThis v1.97.7 Scan saved at 12:19:39, on 5-7-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\WindowsSA\omniscient.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\System32\P2P Networking\P2P Networking.exe C:\WINDOWS\System32\DSentry.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\WINDOWS\System32\CTHELPER.EXE C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\WINDOWS\System32\ctfmon.exe C:\Documents and Settings\John\Local Settings\Temp\Tijdelijke map 5 voor hijackthis.zip\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell.com/ O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe" O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [twpchwz] C:\WINDOWS\twpchwz.exe O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [lmzqh] C:\WINDOWS\lmzqh.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:DUT O4 - HKCU\..\Run: [Mini] C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1043\phdintl.dll/phdContext.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  • Hallo Wielen, Volgens mij heb je niet met een geupdate ad-aware gescand. Dit is echt nodig om alle restanten van spyware weg te krijgen. Ook heb ik de indruk dat er bepaalde zaken in de ignorelist staan van HijackThis. Klopt dit? Ga naar Configuratiescherm - Software - Programma's wijzigen of verwijderen en uninstall - WhenuSearch - SaveNow - Bargain Buddy - ClockSync - P2P Networking.exe Beeindig via taakbeheer (ctrl+alt+del) de processen: omniscient.exe Verplaats HijackThis.....Haal het weg uit je Temp-map. Sla HijackThis op in een eigen map. Niet op je bureaublad of in je Temp-files. HijackThis maakt namelijk backups in de map waar het opgestart wordt. Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:c59d39fd90] O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe" O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" O4 - HKLM\..\Run: [twpchwz] C:\WINDOWS\twpchwz.exe O4 - HKLM\..\Run: [lmzqh] C:\WINDOWS\lmzqh.exe O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q [/b:c59d39fd90] Als je dit gedaan hebt [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406]start je de computer op in veilige modus[/url]. Zorg dat alle [url=http://users.pandora.be/marcvn/spyware/1117602.htm]verborgen bestanden weergegeven worden[/url], en verwijder de volgende bestanden of mappen indien aanwezig: C:\Program Files\WindowsSA <--deze map C:\Program Files\WhenUSearch <--deze map C:\Program Files\Save <--deze map C:\WINDOWS\twpchwz.exe <--dit bestand hernoemen naar twpchwz.old C:\Program Files\Bargain Buddy <--deze map C:\WINDOWS\alchem.exe <--dit bestand C:\WINDOWS\lmzqh.exe <---dit bestand hernoemen naar lmzqh.old C:\Program Files\ClockSync <--deze map Reboot de computer en scan met een geupdate ad-aware. Reboot en post een nieuwe HijackThislog. Dit ken ik niet: O4 - HKCU\..\Run: [Mini] C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe Enig idee? groeten,
  • Logfile of HijackThis v1.97.7 Scan saved at 20:17:47, on 5-7-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\System32\DSentry.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\WINDOWS\System32\CTHELPER.EXE C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\WINDOWS\System32\ctfmon.exe C:\Documents and Settings\John\Local Settings\Temp\Tijdelijke map 6 voor hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell.com/ O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:DUT O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Mini] C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O8 - Extra context menu item: Figuur openen in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1043\phdintl.dll/phdContext.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  • [code:1:c7f8117573]O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll [/code:1:c7f8117573] Die moet er nog uit.
  • [quote:a259ede2af="=Rieske="][code:1:a259ede2af]O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe[/code:1:a259ede2af] Die moeten er nog uit.[/quote:a259ede2af] Toch niet. over die O4: [quote:a259ede2af] Program Name: dla Executable Name: tfswctrl.exe Required: Yes Comments: Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"[/quote:a259ede2af]
  • Xquse me, je hebt gelijk...zal 'm editten. Te snel gelezen.
  • Log ziet er goed uit Wielen. Probleem opgelost? Kan je dit thuisbrengen? O4 - HKCU\..\Run: [Mini] C:\Documents and Settings\John\Application Data\Mini\minicontrolpanel-w32-x86-12921.exe USB-stick of zo?? groeten,
  • Ja, programmatje voor USB stick. Verder geen probleem. Ontzettend bedankt! Probleem opgelost!

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.