[HijackThis] Who, oh who, can get rid of the spyware?

5 answers
  • My father's computer is suffering from a great deal of spyware, and I think it is persistent spyware too. WinPatrol keeps showing alerts about some program called urlw.exe. The network card also isn't working now; my father had disabled the network card so that no junk could get onto the PC for a while, and so that I could install the anti-spyware programs. I did run Ad-Aware first, but I restored those files again in the hope that the internet would work on that PC again. So there are now NO files left in quarantine with Ad-Aware. I would therefore like your advice on what should and should not be fixed in this log:

    Logfile of HijackThis v1.98.2
    Scan saved at 18:51:43, on 23-11-2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\CTSvcCDA.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\cba\pds.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\cba\xfr.exe
    C:\WINNT\system32\MsgSys.EXE
    C:\WINNT\Explorer.EXE
    C:\WINNT\anvshell.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\NetPumper\NetPumperIEProxy.exe
    C:\Program Files\PCI Audio Applications\Bin\WDM\Full\Mixer.exe
    C:\Program Files\ahead\InCD\InCD.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\EcCalc\ectray32.exe
    C:\Program Files\CASIO\Photo Loader\Plauto.exe
    C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Anti-Spyware Tools\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchxl.com/ie/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spartakorfbal.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\eric\LOCALS~1\Temp\lituyek.dat
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
    O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
    O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
    O4 - HKLM\..\Run: [WarheadAtomicTime] C:\Program Files\Atomic Time\AtomicTime.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft Ad-Aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-Aware\"
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: EuroConverter Systray.lnk = C:\Program Files\EcCalc\ectray32.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
    O4 - Global Startup: Reality Fusion GameCam SE.lnk = C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\lsp.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.spartakorfbal.nl
    O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
    O16 - DPF: {1A4DA620-6217-11CF-BE62-0080C72EDD2D} (MarqueeCtl Object) - file://F:\scripts\vbscript\marquee.ocx
    O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (chelloInstall.Install) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    O16 - DPF: {52DFAE60-CEBF-11CF-A3A9-00A0C9034920} (BtnMenu Object) - file://F:\scripts\vbscript\btnmenu.ocx
    O16 - DPF: {59CCB4A0-727D-11CF-AC36-00AA00A47DD2} (Timer Object) - file://F:\scripts\vbscript\ietimer.ocx
    O16 - DPF: {99B42120-6EC7-11CF-A6C7-00AA00A47DD2} (Label Object) - file://F:\scripts\vbscript\ielabel.ocx
    O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (LaunchApp.clsDefault) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlaccell.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5BEAFE3C-32CF-4002-A79C-37DD0978ED95}: NameServer = 217.19.16.131,217.19.16.132

    Thanks in advance, Ronaldotjuh
  • Ronaldotjuh, this is a strange log.

    Go to Control Panel - Add/Remove Programs - Change or Remove Programs. If present, uninstall the following program: ShopatHomeSelect Agent

    If the uninstall does not work, do this: Download LSPFix (http://cexx.org/LSPFix.exe). Start the program. Tick "I know what I am doing". Make sure the right-hand pane (the Remove pane) lists all references to: lsp.dll (Note: only these may be in the Remove pane, no others!!!) Click Finish and restart the computer.

    Close all open windows, run HijackThis once more and have it fix the following items:

    R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\eric\LOCALS~1\Temp\lituyek.dat
    O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlaccell.CAB

    Once you have done this, start the computer in safe mode (http://users.pandora.be/marcvn/spyware/1378056.htm). Empty your Temp folder: Start - Run, type: %TEMP% Delete all files in this folder. Reboot the computer. Run HijackThis again and post a new log.

    Good luck. Marc
  • Here is the new log:

    Logfile of HijackThis v1.98.2
    Scan saved at 21:11:43, on 24-11-2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\CTSvcCDA.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\cba\pds.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\cba\xfr.exe
    C:\WINNT\system32\MsgSys.EXE
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\anvshell.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Creative\News\NewsUpd.EXE
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\PCI Audio Applications\Bin\WDM\Full\Mixer.exe
    C:\Program Files\ahead\InCD\InCD.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\EcCalc\ectray32.exe
    C:\Program Files\CASIO\Photo Loader\Plauto.exe
    C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Anti-Spyware Tools\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchxl.com/ie/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spartakorfbal.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
    O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
    O4 - HKLM\..\Run: [WarheadAtomicTime] C:\Program Files\Atomic Time\AtomicTime.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft Ad-Aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-Aware\"
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: EuroConverter Systray.lnk = C:\Program Files\EcCalc\ectray32.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
    O4 - Global Startup: Reality Fusion GameCam SE.lnk = C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.spartakorfbal.nl
    O16 - DPF: {1A4DA620-6217-11CF-BE62-0080C72EDD2D} (MarqueeCtl Object) - file://F:\scripts\vbscript\marquee.ocx
    O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (chelloInstall.Install) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    O16 - DPF: {52DFAE60-CEBF-11CF-A3A9-00A0C9034920} (BtnMenu Object) - file://F:\scripts\vbscript\btnmenu.ocx
    O16 - DPF: {59CCB4A0-727D-11CF-AC36-00AA00A47DD2} (Timer Object) - file://F:\scripts\vbscript\ietimer.ocx
    O16 - DPF: {99B42120-6EC7-11CF-A6C7-00AA00A47DD2} (Label Object) - file://F:\scripts\vbscript\ielabel.ocx
    O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (LaunchApp.clsDefault) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
  • That already looks better. Also pay a visit to the Windows Update site. What is the situation now?
  • Everything works again, including the network card. Thanks a lot!
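
Added example (not part of the thread and not HijackThis's own code): a small parser for the HijackThis entry format in the logs above, which flags the kinds of entries that Marc's reply singles out in the first log. It expects one entry per line, as HijackThis saves it; the function names and the four heuristics are assumptions made for this example, a triage aid rather than a verdict on any entry.

```python
import re

# Constructed sample: lines copied from the first log in this thread,
# one entry per line as HijackThis writes them.
SAMPLE_LOG = r"""
C:\WINNT\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\eric\LOCALS~1\Temp\lituyek.dat
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\lsp.dll' missing
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (chelloInstall.Install) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")              # e.g. "O16 - DPF: ..."
UNNAMED_DPF = re.compile(r"^DPF: \{[0-9A-Fa-f-]{36}\} - ")  # CLSID with no "(Name)"

def parse(log):
    """Return (section, body) per entry; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def review_reasons(section, body):
    """Heuristics assumed for this example, not an authoritative rule set."""
    low, reasons = body.lower(), []
    if low.endswith("(no file)"):
        reasons.append("references a file that no longer exists")
    if section == "O2" and "\\temp\\" in low:
        reasons.append("browser helper object loaded from a Temp directory")
    if section == "O10" and "missing" in low:
        reasons.append("LSP chain broken: provider DLL missing")
    if section == "O16" and UNNAMED_DPF.match(body):
        reasons.append("downloaded ActiveX control with no object name")
    return reasons

def triage(log):
    """Entries worth a second look, each with the reasons that flagged it."""
    return [(s, b, r) for s, b in parse(log) if (r := review_reasons(s, b))]

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> {'; '.join(reasons)}")
```
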
