Vraag & Antwoord

Beveiliging & privacy

CWS.Homesearch???

4 antwoorden
  • Ik heb van alles geprobeerd maar nu toch echt ten einde raad. Wie kan mij helpen? Ik heb ineens een probleem met mijn startpagina van IE en wel dat deze wijzigt in About: Blank. Ook als ik het weer verander zoals ik het wil. Spybot ziet wat er gebeurt en waarschuwt dat er wijzigingen gaan optreden in het register en wel in de Search page als in de Search Assistent. Spybot verwijdert ook braaf de spyware maar na herstarten is het gewoon weer terug. CWShredder komt met CSW.Homesearch en verwijdert deze ook echter na herstarten is het wederom weer terug. Adaware ziet niets. SpySubtract Pro 3.0 ziet het ook, verwijdert het ook en je raadt het al: daarna is de ellende gewoon weer terug. Tevens is mijn PC bijzonder traag geworden, waarschijnlijk omdat er van alles met het register gebeurt. HijackThis ziet ook dat About: Blank en ook daar kan ik het verwijderen maar na herstarten is de ellende gewoon weer bezig. Verder zijn er ook toevoegingen aan mijn Favorieten-lijst. Ook die kan ik verwijderen, en ook die komen iedere keer terug (dezelfde). Wie kan mij helpen??? Alvast bedankt!!!! Hier het Log van HijackThis: Let vooral op de searchbar in HKCU: Deze .dll's veranderen iedere keer als ik de troep verwijderd heb, zoals boven genoemd. Nu is het yekhh, maar ik heb ook al agyqb.dll en hcrle.dll en anfng.dll gehad. Deze heb ik al verwijderd maar er komt iedere keer een nieuwe voor terug. Logfile of HijackThis v1.99.1 Scan saved at 21:31:49, on 6-6-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe C:\WINDOWS\MXOALDR.EXE C:\Program Files\Creative\ShareDLL\MediaDet.Exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe C:\WINDOWS\system32\hphmon06.exe C:\PROGRA~1\HEWLET~1\{BA2D9~1\pexpress\hphPED06.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\apprs.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\NCLAUNCH.EXe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\3M\PSN2Lite\PsnLite.exe C:\Program Files\Psion\PsiWin\Psconsv.exe C:\Program Files\InterMute\SpySubtract\SpySub.exe C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\PROGRA~1\Psion\PsiWin\Elogerr.exe C:\Program Files\Microsoft Office\Office10\msoffice.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\d3kc.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.flightweb.org/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\flightweb.org R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: Class - {C0AF1A72-C593-86BD-A152-F16A9AEADFB1} - C:\WINDOWS\system32\atlco.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe O4 - HKLM\..\Run: [LiveNote] livenote.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\Hewlett-Packard\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [HPHped06] C:\PROGRA~1\HEWLET~1\{BA2D9~1\pexpress\hphPED06.exe O4 - HKLM\..\Run: [apprs.exe] C:\WINDOWS\apprs.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - Startup: BounceBack Launcher.lnk = ? O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\PsnLite.exe O4 - Global Startup: PsiWin 2.3 Connection Server.lnk = C:\Program Files\Psion\PsiWin\Psconsv.exe O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_01) - O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {B817734E-046C-11D3-B674-00104BA25195} - http://pmb001.3m.com/pub/psnotes/psnudate.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Plug-in 1.4.2_01) - O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - http://asp06.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} - http://www.zoomify.com/download/zoomify305.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9EB491A8-9B7F-4E06-BA88-327875EF005F}: NameServer = 194.134.5.5 194.134.0.97 O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\d3kc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • Je geeft zelf al aan dat de naam van de dll steeds wijzigd. Dus als je de PC weer opnieuw in normale mode hebt opgestart zou de onderstaande fix niet meer helemaal correct zijn. Voer deze toch maar uit. Als de dll dus is gewijzigd moet je die nieuwe dll maar in de fix gebruiken. Print onderstaande instructie ook uit. Download en installeer [url=http://www.ccleaner.com/]CCleaner[/url] Nog niet gebruiken. Download het bestand [url=http://users.pandora.be/marcvn/regfiles/HSfix.zip]HSfix.zip[/url]. Unzip het en plaats het op je bureaublad, zodat je dit later makkelijk kan terug vinden wanneer je het nodig hebt. Download [url=http://cwshredder.net/bin/CWShredder.exe]CWShredder[/url]. Plaats het bestand ergens waar je het makkelijk kan terug vinden, maar gebruik het nu nog niet. Download [url=http://www.majorgeeks.com/download4289.html]About:buster[/url]. Unzip het naar c:\aboutbuster en controleer of er updates beschikbaar zijn. Installeer deze. Gebruik het programma nog niet. TeaTimer is actief. Deze moet tijdelijk worden gestopt om de wijzigingen van hijackthis aan het register door te kunnen voeren. Kijk evt op http://russelltexas.com/malware/teatimer.htm Zorg dat [url=http://users.pandora.be/marcvn/spyware/1117602.htm]alle verborgen bestanden weergegeven worden[/url]. De reparatie moet worden uitgevoerd in VEILIGE mode. Start je PC op in VEILIGE mode. Kijk [url=http://users.pandora.be/marcvn/spyware/1378056.htm]hier[/url] hoe dat moet. Er is een beperking in Internet Explorer waardoor je niet alle instellingen kunt wijzigen. Mogelijk dat dit door Spybot S&D is ingesteld. Wil je dit toch kunnen doen dan laat je onderstaande ook repareren door HijackThis: O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present Start Hijackthis op en kies voor 'Do a system scan only' Selecteer alleen de items die hieronder zijn genoemd: [b:4540c6785b]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - Default URLSearchHook is missing O2 - BHO: Class - {C0AF1A72-C593-86BD-A152-F16A9AEADFB1} - C:\WINDOWS\system32\atlco.dll O4 - HKLM\..\Run: [apprs.exe] C:\WINDOWS\apprs.exe O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\d3kc.exe [/b:4540c6785b]Stop alle toepassingen behalve hijackthis. Klik op 'Fix checked' om de items te verwijderen. Zorg dat de [url=http://users.pandora.be/marcvn/spyware/1117602.htm]besturingssysteembestanden en verborgen bestanden zichtbaar zijn[/url] De volgende bestanden verwijderen:[b:4540c6785b] C:\WINDOWS\system32\atlco.dll C:\WINDOWS\system32\yekhh.dll C:\WINDOWS\apprs.exe C:\WINDOWS\d3kc.exe [/b:4540c6785b] Dubbelklik op [b:4540c6785b]HSfix.reg[/b:4540c6785b] en laat de wijzigingen aan het register toe voegen. Start CCleaner Ccleaner biedt je de mogelijkheid om in te stellen wat er opgeschoond moet worden. Kies in ieder geval voor de volgende items: Internet Explorer: - Tijdelijke Internet bestanden Systeem: - Prullenbak leegmaken - Tijdelijke bestanden klik nu in Ccleaner op opschonen (rechts onderaan). Herstel je webinstellingen: ga naar Configuratiescherm – Internetopties – tabblad Programma’s. Klik op de knop Webinstellingen herstellen. Start CWShredder en klik op de fix-knop. Start About:buster. Wanneer het programma vraagt om een tweede keer te scannen doe je dit. Herstart de computer nu in normale mode. Doe daarna een online virusscan:[url=http://housecall.antivirus.com/]TrendMicro Housecall[/url] Vink het vakje met Auto Clean aan. Laat het volledig je systeem scannen (Dit zal een tijdje duren) Start Hijackthis opnieuw en post een nieuwe log en het log van AboutBuster Sjaak
  • Hoi Sjaak, Volgens mij heeft dit gewerkt!!! Ontzettend bedankt voor je hulp, dit had ik nooit zelf kunnen bedenken. Ik voeg bij het log van AboutBuster en HijackThis. Nogmaals bedankt :D AboutBuster 5.0 reference file 28 Scan started on [7-6-2005] at [12:43:47] ------------------------------------------------ Removed Stream! C:\WINDOWS\Blauw 16.bmp:buwzyz Removed Stream! C:\WINDOWS\bootstat.dat:mvonbb Removed Stream! C:\WINDOWS\Thumbs.db:encryptable Removed Stream! C:\WINDOWS\wininit.ini:dwfyqj Removed Stream! C:\WINDOWS\{00000000-00000000-0000000E-00001102-00000004-00511102}.CDF:qttpce ------------------------------------------------ Removed File! : C:\Windows\ixark.dat Removed File! : C:\Windows\System32\ikpei.dat ------------------------------------------------ Scan was COMPLETED SUCCESSFULLY at 12:44:11 AboutBuster 5.0 reference file 28 Scan started on [7-6-2005] at [13:29:29] ------------------------------------------------ No Ads Found! ------------------------------------------------ No Files Found! ------------------------------------------------ Scan was COMPLETED SUCCESSFULLY at 13:29:52 Logfile of HijackThis v1.99.1 Scan saved at 13:27:49, on 7-6-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Creative\ShareDLL\MediaDet.Exe C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe C:\WINDOWS\MXOALDR.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe C:\WINDOWS\system32\hphmon06.exe C:\PROGRA~1\HEWLET~1\{BA2D9~1\pexpress\hphPED06.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\NCLAUNCH.EXe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\3M\PSN2Lite\PsnLite.exe C:\Program Files\Psion\PsiWin\Psconsv.exe C:\Program Files\Microsoft Office\Office10\msoffice.exe C:\PROGRA~1\Psion\PsiWin\Elogerr.exe C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.flightweb.org/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\flightweb.org R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe O4 - HKLM\..\Run: [LiveNote] livenote.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\Hewlett-Packard\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [HPHped06] C:\PROGRA~1\HEWLET~1\{BA2D9~1\pexpress\hphPED06.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - Startup: BounceBack Launcher.lnk = ? O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\PsnLite.exe O4 - Global Startup: PsiWin 2.3 Connection Server.lnk = C:\Program Files\Psion\PsiWin\Psconsv.exe O4 - Global Startup: SpySubtract.lnk.disabled O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_01) - O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {B817734E-046C-11D3-B674-00104BA25195} - http://pmb001.3m.com/pub/psnotes/psnudate.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Plug-in 1.4.2_01) - O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - http://asp06.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} - http://www.zoomify.com/download/zoomify305.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9EB491A8-9B7F-4E06-BA88-327875EF005F}: NameServer = 194.134.5.5 194.134.0.97 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • Ziet er heel goed uit. Je hebt de scan van Housecall ook uitgevoerd. Deze infectie kan lastig zijn, maar als je de instructies goed opvolgt en niet een paar dagen wacht dan lukt het wel, zoals je hebt gezien. Sjaak

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.