Vraag & Antwoord

Beveiliging & privacy

hijack this loggy

8 antwoorden
  • heey mensen ik heb vanmiddag wat gedownload,,, wat blijkt nou dat bestand haald allemaal spyware binnen. adaware vond meer als 600 dingen (van te voren had ik geen spyware op me pc) spybot vond 15 ddingen (voorheen ook niks). ik had alle spyware verwijdert maar wat blijkt nou ik heb de nog wel wat op staan. Ik ben hopeloos ik weet niet meer wat ik moet doen ik wil de graag weer van af. dus ik dacht ik post even een hijack this log. [code:1:e4abe044b4]Logfile of HijackThis v1.99.0 Scan saved at 17:27:08, on 27-12-2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe C:\Progs\Norton AntiVirus\navapsvc.exe C:\Progs\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\gsicon.exe C:\WINDOWS\System32\dslagent.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe C:\WINDOWS\Mixer.exe C:\progs\Winamp\winampa.exe C:\progs\Messenger Plus! 3\MsgPlus.exe C:\progs\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\spoolsv.exe C:\WINDOWS\System32\rundll32.exe C:\Documents and Settings\Mike\Application Data\soat.exe C:\WINDOWS\System32\l?ass.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe C:\Program Files\Netropa\Onscreen Display\OSD.exe C:\progs\Teamspeak2_RC2\TeamSpeak.exe C:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStart2Page/Portal/portal.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1185DEB8-4479-1DA6-0033-3D3650EEAEC6} - C:\WINDOWS\System32\gnd.dll O2 - BHO: - {B2226493-40C2-4420-B8B9-72C3F5163B1E} - C:\WINDOWS\lbbho.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Progs\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Progs\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Search Bar - {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1} - C:\WINDOWS\system32\srchbar.dll O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [WinampAgent] C:\progs\Winamp\winampa.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\progs\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\progs\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe O4 - HKLM\..\Run: [sOWQpZ] c:\documents and settings\mike\local settings\temp\sOWQpZ.exe O4 - HKLM\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run O4 - HKLM\..\Run: [SurfBuddy] rundll32 "C:\Program Files\SurfBuddy\sbuddy.dll",run O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run O4 - HKCU\..\Run: [Clock] C:\WINDOWS\mshta.exe O4 - HKCU\..\Run: [SurfBuddy] rundll32 "C:\Program Files\SurfBuddy\sbuddy.dll",run O4 - HKCU\..\Run: [Ernc] C:\Documents and Settings\Mike\Application Data\soat.exe O4 - HKCU\..\Run: [Npks] C:\WINDOWS\System32\l?ass.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\progs\MICROS~1\OFFICE11\REFIEBAR.DLL O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D67BEE81-F0E6-401D-B038-1A77629D5E20}: NameServer = 213.227.141.10 213.227.130.5 O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Progs\Norton AntiVirus\navapsvc.exe O23 - Service: Netropa NHK Server - Unknown - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Progs\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Progs\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[/code:1:e4abe044b4] [b:e4abe044b4]ik hoop dat er mensen zijn die me kunnen helpen bvd[/b:e4abe044b4]
  • Download [url=http://cexx.org/LSPFix.exe]LSPFix[/url]. Start het programma. Plaats een vinkje bij I know what I am doing. Zorg dat in het rechtse venster (remove venster) alle verwijzingen staan van: [b:20b1e57727]xfire_lsp_10650.dll[/b:20b1e57727]. (Let op enkel deze mogen in het remove-venster staan, geen anderen!!!) Klik op Finish en start de computer opnieuw. Zorg dat alle [url=http://users.pandora.be/marcvn/spyware/1117602.htm]verborgen bestanden weergegeven worden[/url]. Start de computer in [url=http://users.pandora.be/marcvn/spyware/1378056.htm]veilige modus[/url]. Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:20b1e57727] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStart2Page/Portal/portal.html R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {1185DEB8-4479-1DA6-0033-3D3650EEAEC6} - C:\WINDOWS\System32\gnd.dll O2 - BHO: - {B2226493-40C2-4420-B8B9-72C3F5163B1E} - C:\WINDOWS\lbbho.dll O3 - Toolbar: Search Bar - {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1} - C:\WINDOWS\system32\srchbar.dll O4 - HKLM\..\Run: [sOWQpZ] c:\documents and settings\mike\local settings\temp\sOWQpZ.exe O4 - HKLM\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run O4 - HKLM\..\Run: [SurfBuddy] rundll32 "C:\Program Files\SurfBuddy\sbuddy.dll",run O4 - HKCU\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run O4 - HKCU\..\Run: [Clock] C:\WINDOWS\mshta.exe O4 - HKCU\..\Run: [SurfBuddy] rundll32 "C:\Program Files\SurfBuddy\sbuddy.dll",run O4 - HKCU\..\Run: [Ernc] C:\Documents and Settings\Mike\Application Data\soat.exe O4 - HKCU\..\Run: [Npks] C:\WINDOWS\System32\l?ass.exe [/b:20b1e57727] Verwijder de volgende bestanden en/of mappen indien aanwezig: c:\documents and settings\mike\local settings\temp\sOWQpZ.exe dit bestand C:\Program Files\WebSpecials <--deze map C:\Program Files\SurfBuddy <--deze map C:\Documents and Settings\Mike\Application Data\soat.exe Reboot de computer, run HijackThis opnieuw en post een nieuwe log. Plaats je log niet tussen de code tags, is makkelijker leesbaar.
  • thnx man alles is de weer af :D
  • hier is de log waar je om vroeg. Logfile of HijackThis v1.99.0 Scan saved at 21:49:57, on 27-12-2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe C:\Progs\Norton AntiVirus\navapsvc.exe C:\Progs\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\gsicon.exe C:\WINDOWS\System32\dslagent.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe C:\WINDOWS\Mixer.exe C:\progs\Winamp\winampa.exe C:\progs\Messenger Plus! 3\MsgPlus.exe C:\progs\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\spoolsv.exe C:\Documents and Settings\Mike\Application Data\soat.exe C:\WINDOWS\System32\l?ass.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe C:\Program Files\Netropa\Onscreen Display\OSD.exe C:\progs\Teamspeak2_RC2\TeamSpeak.exe C:\progs\Xfire\Xfire.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\progs\Winamp\winamp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\SmartFTP\SmartFTP.exe C:\hijackthis\HijackThis.exe C:\WINDOWS\System32\rundll32.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Progs\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Progs\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [WinampAgent] C:\progs\Winamp\winampa.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\progs\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\progs\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe O4 - HKLM\..\Run: [SurfBuddy] rundll32 "C:\Program Files\SurfBuddy\sbuddy.dll",run O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SurfBuddy] rundll32 "C:\Program Files\SurfBuddy\sbuddy.dll",run O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\progs\MICROS~1\OFFICE11\REFIEBAR.DLL O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D67BEE81-F0E6-401D-B038-1A77629D5E20}: NameServer = 213.227.141.10 213.227.130.5 O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Progs\Norton AntiVirus\navapsvc.exe O23 - Service: Netropa NHK Server - Unknown - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Progs\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Progs\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • Zorg dat alle [url=http://users.pandora.be/marcvn/spyware/1117602.htm]verborgen bestanden weergegeven worden[/url]. Start de computer in [url=http://users.pandora.be/marcvn/spyware/1378056.htm]veilige modus[/url]. Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:301cb365d3] O4 - HKLM\..\Run: [SurfBuddy] rundll32 "C:\Program Files\SurfBuddy\sbuddy.dll",run O4 - HKCU\..\Run: [SurfBuddy] rundll32 "C:\Program Files\SurfBuddy\sbuddy.dll",run [/b:301cb365d3] Verwijder de volgende bestanden en/of mappen indien aanwezig: C:\Program Files\SurfBuddy <--deze map Reboot de computer, run HijackThis opnieuw en post een nieuwe log.
  • damn was ik zeker vergeten maar nu is het er wel af. bedankt marc :D *slotje
  • Als alles dan weg is, zou ik het volgende toch nog even doornemen. Maak je Temp-map leeg: Start - Uitvoeren tik in: %TEMP%. Selecteer alle bestanden in deze map en verwijder ze. Ledig de map met tijdelijke internetbestanden: Configuratiescherm - Internetopties - tabblad Algemeen - klik bij Tijdelijke internetbestanden op Bestanden Verwijderen. Maak je Prullenbak leeg. Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in. [url=http://users.pandora.be/marcvn/spyware/1852808.htm]Systeemherstel uitschakelen[/url]. Bezoek de [url=http://www.windowsupdate.com]Windows Update Site[/url]. Alleen zo ben je zeker dat je de nieuwste patches voor je besturingssysteem geïnstalleerd hebt. Als er nieuwe updates beschikbaar zijn, dan dowload en installeer je alle essentiële updates en service packs. Reboot je computer en controleer opnieuw. Herhaal deze procedure tot dat er geen essentiële updates meer zijn. Installeer ook [url=http://www.javacoolsoftware.com/spywareblaster.html]SpywareBlaster[/url] en [url=http://www.javacoolsoftware.com/spywareguard.html]Spywareguard[/url]. Gebruik je de laatste versie van Spybot Search & Destroy, en je maakt gebruik van de realtime protectie TeaTimer, dan moet je Spywareguard niet installeren. Meer info over hoe je een nieuwe infectie kan voorkomen vind je [url=http://users.pandora.be/marcvn/spyware/1564073.htm]hier[/url].
  • oke maar ik kan sp2 niet installeren als ik dat doe dan doet mijn usb het niet meer :S heel raar is dat. maar weet jij maybe de link van sp1?

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.