[Instructions carried out] clean log now?

4 answers
  • One moment, I'm still busy with Adware. A clean log is on its way. Could someone check this log? I'm having trouble with a toolbar :(

    Logfile of HijackThis v1.99.0
    Scan saved at 11:37:08 AM, on 5/24/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Programs\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programs\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\sstray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programs\CA\ETRUST~1\ETRUST~1\VetTray.exe
    C:\Programs\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Programs\KEMailKb\KEMailKb.EXE
    C:\Program Files\KMaestro\KMaestro.exe
    C:\Programs\Babylon\Babylon.exe
    C:\Programs\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\ISTsvc\istsvc.exe
    C:\WINDOWS\lirur.exe
    C:\Program Files\Internet Optimizer\optimize.exe
    C:\program files\180solutions\sais.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Programs\FirefoxPreloader\FirefoxPreloader.exe
    C:\Programs\firefox.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Programs\Azureus\Azureus.exe
    C:\Programs\Java\jre1.5.0_01\bin\javaw.exe
    C:\Program Files\BullsEye Network\bin\bargains.exe
    C:\Programs\WinBar\WinBar.exe
    C:\Programs\Winamp\winampa.exe
    C:\Programs\Hitman Pro\uninstall\engine.exe
    C:\Programs\SpywareBlaster\spywareblaster.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Anti-virus\HijackThis\hijackthis\HijackThis.exe

    R3 - Default URLSearchHook is missing
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programs\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - blank (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programs\Ipswitch\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Programs\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [VetTray] C:\Programs\CA\ETRUST~1\ETRUST~1\VetTray.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programs\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [KEMailKb] C:\Programs\KEMailKb\KEMailKb.EXE
    O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe
    O4 - HKLM\..\Run: [Babylon Client] C:\Programs\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programs\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [a7GR] C:\WINDOWS\lirur.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [dktgf] C:\WINDOWS\dktgf.exe
    O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Programs\Winamp\winampa.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Firefox Preloader.lnk = C:\Programs\FirefoxPreloader\FirefoxPreloader.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programs\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programs\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - blank (file missing)
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - blank (file missing)
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\Programs\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
    O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Netropa NHK Server - Unknown - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: Sandra Data Service - SiSoftware - C:\Programs\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
    O23 - Service: Sandra Service - SiSoftware - C:\Programs\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
    O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\Programs\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe
  • evisu wrote: "I'm having trouble with a toolbar :("

    Try scanning with Hitman Pro (www.hitmanpro.nl). That will probably get rid of that toolbar as well.
  • There is more on the PC that doesn't belong there.

    Download and install CCleaner (http://www.ccleaner.com/). Don't use it yet!

    Go to Control Panel -> Add or Remove Programs and remove these if present:
    BullsEye Network
    Internet Optimizer
    BargainBuddy

    Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    R3 - Default URLSearchHook is missing
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
    O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
    O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [a7GR] C:\WINDOWS\lirur.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [dktgf] C:\WINDOWS\dktgf.exe
    O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
    O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Make sure that operating system files and hidden files are visible (http://users.pandora.be/marcvn/spyware/1117602.htm).

    Delete the following directories/files:

    C:\Program Files\SideFind\
    C:\Program Files\ISTbar\
    C:\Program Files\ISTsvc\
    C:\Program Files\Internet Optimizer\
    C:\Program Files\BullsEye Network\
    c:\program files\180solutions\
    C:\Program Files\Power Scan\
    C:\WINDOWS\nem220.dll (possibly already removed)
    C:\WINDOWS\system32\msbe.dll (possibly already removed)
    C:\WINDOWS\zeta.exe
    C:\WINDOWS\lirur.exe
    C:\WINDOWS\dktgf.exe

    Start CCleaner.
    CCleaner also lets you configure what should be cleaned up. In any case choose the following items:
    Internet Explorer:
    - Temporary Internet files
    System:
    - Empty Recycle Bin
    - Temporary files

    CCleaner also lets you set which cookies you want to keep. For this, look under "Options" and then Cookies, select the cookies you want to keep and move them to the "Cookies to keep" area; after that the remaining cookies can be cleaned up as well.

    Now click the clean-up button in CCleaner (bottom right).

    Scan the computer with an updated Ad-Aware SE. You can find instructions here: http://users.telenet.be/marcvn/spyware/1414188.htm

    Sjaak
  • Thanks Sjaak, I have carried out everything. Just this: after I had run Hitman Pro, I could not find many of the things I was supposed to delete. I have "show all folders" turned on. And it is not only about the things that were marked as possibly already gone. I did find this folder: C:\Program Files\ISTsvc\ but I could not delete it because it was in use. I then tried to start in Safe Mode, but for some reason my keyboard does nothing after I have pressed F8. I do get to the screen where you can choose between starting Windows normally after all or choosing Safe Mode. Only then I cannot do anything at all with my keyboard anymore.

    Here is a new log. Clean now?

    Logfile of HijackThis v1.99.0
    Scan saved at 11:09:42 PM, on 5/24/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Programs\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Programs\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\sstray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programs\CA\ETRUST~1\ETRUST~1\VetTray.exe
    C:\Programs\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Programs\KEMailKb\KEMailKb.EXE
    C:\Program Files\KMaestro\KMaestro.exe
    C:\Programs\Babylon\Babylon.exe
    C:\Programs\MessengerPlus! 3\MsgPlus.exe
    C:\Programs\Winamp\winampa.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Programs\FirefoxPreloader\FirefoxPreloader.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Programs\firefox.exe
    C:\Programs\WinBar\WinBar.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Anti-virus\HijackThis\hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programs\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - blank (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programs\Ipswitch\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Programs\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [VetTray] C:\Programs\CA\ETRUST~1\ETRUST~1\VetTray.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programs\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [KEMailKb] C:\Programs\KEMailKb\KEMailKb.EXE
    O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe
    O4 - HKLM\..\Run: [Babylon Client] C:\Programs\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programs\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Programs\Winamp\winampa.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Firefox Preloader.lnk = C:\Programs\FirefoxPreloader\FirefoxPreloader.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programs\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programs\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - blank (file missing)
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - blank (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\Programs\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
    O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Netropa NHK Server - Unknown - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: Sandra Data Service - SiSoftware - C:\Programs\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
    O23 - Service: Sandra Service - SiSoftware - C:\Programs\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
    O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\Programs\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
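
Added example, not part of the thread and not HijackThis's own code: a Python check for the "clean now?" question, comparing a before and after HijackThis log against the list of items the helper asked to fix. It assumes one log entry per line; `parse_entries` and `compare` are hypothetical names, and the three sample texts are constructed excerpts using lines from the logs above.

```python
import re

# A HijackThis entry starts with a section code (R3, O2, O4, O23, ...) and " - ".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (code, body) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Windows paths are case-insensitive, so compare lower-cased bodies.
            entries.add((m.group(1), " ".join(m.group(2).lower().split())))
    return entries

def compare(before, after, flagged):
    """Classify entries across a before/after pair against the helper's fix list."""
    b, a, f = (parse_entries(t) for t in (before, after, flagged))
    return {
        "removed": sorted(f - a),        # flagged and gone after the fix
        "still_present": sorted(f & a),  # flagged but survived the fix
        "not_in_before": sorted(f - b),  # flagged but never in the first log
        "new": sorted(a - b),            # appeared between the two scans
    }

# Constructed excerpts: a handful of lines copied from the two logs in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\lirur.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programs\Winamp\winampa.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe"""
AFTER = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\Programs\Winamp\winampa.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programs\Winamp\winampa.exe"""
FLAGGED = r"""O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe"""

if __name__ == "__main__":
    for group, items in compare(BEFORE, AFTER, FLAGGED).items():
        print(group, len(items))
        for code, body in items:
            print("   ", code, "-", body)
```

An empty `still_present` list only says the flagged entries are gone from the log; folders left on disk, such as the C:\Program Files\ISTsvc\ folder mentioned in the last post, are not something the log lists.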
