Vraag & Antwoord

Beveiliging & privacy

Bureaublad niet meer aan te passen

11 antwoorden
  • Hoi, ik kan sinds gisteren mijn bureablad niet meer aanpassen, in de beeldschermeigenschapen is het hele tabje hiervoor verdwenen. Bij starten laat e voor ca 10 seconden de juiste achtergrond zien en dan woordt de achtergrond zwart. Kan iemand even naar onderstaanlogfile kijken?? Logfile of HijackThis v1.99.1 Scan saved at 9:27:13, on 19-8-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\WiredRed\EPop\logonsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RaboCommSrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE C:\Program Files\WiredRed\EPop\EPop.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\Program Files\Trust\302KS\Mouse\mouse32a.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Rabo\Support\RaboSessionMon.exe C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Trust\302KS\Keyboard\KbdAp32A.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\System32\svchost.exe C:\unzipped\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [e/pop] C:\Program Files\WiredRed\EPop\EPop.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Trust\302KS\Keyboard\MMKEYBD.EXE O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Program Files\Trust\302KS\Mouse\mouse32a.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - Startup: netuse.bat O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Rabo Session Monitor.lnk = C:\Program Files\Rabo\Support\RaboSessionMon.exe O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {6EABE8B6-5C8E-4B1B-AEAB-7FE17C4A3A04} - https://server.db.kvk.nl/WWWEXT01/install/plugin/KVKar51.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.xxlwebhosting.nl/AxisCamControl.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5CFBA09A-90D1-4918-A655-63FD5381FA11}: NameServer = 194.109.6.66,194.109.9.99 O17 - HKLM\System\CCS\Services\Tcpip\..\{777769CF-78D4-4451-B32D-795600D994D9}: NameServer = 194.109.6.66,194.109.9.99 O20 - AppInit_DLLs: MsgPlusLoader.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LogonSvc (LogonSvcID) - WiredRed Software - C:\Program Files\WiredRed\EPop\logonsvc.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Rabo Comm Server (Srv_RaboComm) - Unknown owner - C:\WINDOWS\system32\RaboCommSrv.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • Open HijackThis, kies voor "Do a system scan only"en plaats een vinkje voor de volgende regels: [b:64e71e0e8d]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1 R3 - URLSearchHook: (no name) - - (no file) [/b:64e71e0e8d] Sluit alle open vensters(behalve HijackThis) en klik op "Fix checked" om de geselecteerde regels te verwijderen. Download, installeer en update free trial versie van [url=http://download.ewido.net/ewido-setup.exe]Ewido Security Suite[/url][list=1:64e71e0e8d] [*:64e71e0e8d]Tijdens de installatie, onder "Additional Options", haal je de vinkjes weg bij "Install background guard" en "Install scan via context menu". [*:64e71e0e8d]Als je Ewido voor de eerste keer runt, zal je een foutmelding krijgen "Database could not be found!". Klik dan op [b:64e71e0e8d]OK[/b:64e71e0e8d]. Dit is normaal. [*:64e71e0e8d]In het hoofdscherm van Ewido, klik je op [b:64e71e0e8d]update[/b:64e71e0e8d] in het linker menu, en vervolgens op de [b:64e71e0e8d]Start update[/b:64e71e0e8d] knop. [*:64e71e0e8d]Als de updates gedaan zijn, zal er op de status bar beneden "Update successful" staan. [/list:o:64e71e0e8d]Herstart de PC in [url=http://users.telenet.be/marcvn/spyware/1378056.htm]VEILIGE modus[/url] Open Ewido Security Suite[list:64e71e0e8d] [*:64e71e0e8d]klik op [b:64e71e0e8d]Scanner[/b:64e71e0e8d] [*:64e71e0e8d]Klik op [b:64e71e0e8d]complete system scan[/b:64e71e0e8d] [*:64e71e0e8d]Laat het programma je pc scannen [/list:u:64e71e0e8d]Tijdens de scan zal je gevraagd worden of je gevonden bestanden wilt verwijderen. Klik dan op [b:64e71e0e8d]OK[/b:64e71e0e8d] Als de scan beëindigd is, zal je een knop zien [b:64e71e0e8d]Bewaar rapport[/b:64e71e0e8d][list:64e71e0e8d] [*:64e71e0e8d]Klik op [b:64e71e0e8d]Bewaar Rapport[/b:64e71e0e8d] [*:64e71e0e8d]Sla het rapport op op je bureaublad [*:64e71e0e8d]Sluit Ewido af [/list:u:64e71e0e8d]Herstart je pc in normale modus en [b:64e71e0e8d]post dan hier het log van Ewido[/b:64e71e0e8d] en een nieuw log van HijackThis Groeten smeenk :wink:
  • Hoi, Hierbij de logs, het probleem is nog niet verholpen. Thx, wimpio --------------------------------------------------------- ewido security suite - Scan rapport --------------------------------------------------------- + Gemaakt op: 13:59:28, 19-8-2005 + Rapport samenvatting: 631A58C4 + Scan resultaten: C:\Documents and Settings\Administrator\Cookies\administrator@ad.adition[2].txt -> Spyware.Cookie.Adition : Schoongemaakt met een backup C:\Documents and Settings\Administrator\Cookies\administrator@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Schoongemaakt met een backup C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[1].txt -> Spyware.Cookie.Adbrite : Schoongemaakt met een backup C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjlocpcpeep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup C:\Documents and Settings\Administrator\Cookies\administrator@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Schoongemaakt met een backup C:\Documents and Settings\Administrator\Cookies\administrator@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Schoongemaakt met een backup C:\Documents and Settings\Administrator\Cookies\administrator@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Schoongemaakt met een backup C:\Documents and Settings\Administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmyohc5mhpq2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup C:\Program Files\Rabo\Support\RaboSessionMon.exe -> Heuristic.Win32.Dialer : Schoongemaakt met een backup C:\Program Files\Rabotwin\RaboComm\RaboComm.exe -> Heuristic.Win32.Dialer : Schoongemaakt met een backup C:\RECYCLER\NPROTECT\00355068.SO -> Dialer.Generic : Schoongemaakt met een backup C:\RECYCLER\NPROTECT\00355076.exe -> Trojan.Puper.an : Schoongemaakt met een backup C:\RECYCLER\NPROTECT\00355077.exe -> Spyware.Hijacker.Generic : Schoongemaakt met een backup C:\RECYCLER\NPROTECT\00355235.exe -> Trojan.Small.ev : Schoongemaakt met een backup C:\RECYCLER\NPROTECT\00355237.exe -> Trojan.Puper.ai : Schoongemaakt met een backup C:\System Volume Information\_restore{9E10BA80-D43F-4EE9-A2CA-9FAE179F39B6}\RP452\A0072881.exe -> Trojan.Puper.ai : Schoongemaakt met een backup C:\System Volume Information\_restore{9E10BA80-D43F-4EE9-A2CA-9FAE179F39B6}\RP452\A0072887.exe -> Trojan.Puper.ai : Schoongemaakt met een backup C:\System Volume Information\_restore{9E10BA80-D43F-4EE9-A2CA-9FAE179F39B6}\RP452\A0072910.exe -> Trojan.Puper.ai : Schoongemaakt met een backup C:\System Volume Information\_restore{9E10BA80-D43F-4EE9-A2CA-9FAE179F39B6}\RP452\A0072919.exe -> Trojan.Puper.ai : Schoongemaakt met een backup C:\System Volume Information\_restore{9E10BA80-D43F-4EE9-A2CA-9FAE179F39B6}\RP452\A0072928.exe -> Trojan.Puper.ai : Schoongemaakt met een backup C:\System Volume Information\_restore{9E10BA80-D43F-4EE9-A2CA-9FAE179F39B6}\RP455\A0073132.dll -> Trojan.Small.ev : Schoongemaakt met een backup C:\WINDOWS\SYSTEM32\oleext.dll -> Trojan.Small.ev : Schoongemaakt met een backup ::Einde rapport Logfile of HijackThis v1.99.1 Scan saved at 14:06:05, on 19-8-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\WiredRed\EPop\logonsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\system32\RaboCommSrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE C:\Program Files\WiredRed\EPop\EPop.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Trust\302KS\Mouse\mouse32a.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Trust\302KS\Keyboard\KbdAp32A.exe C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\unzipped\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [e/pop] C:\Program Files\WiredRed\EPop\EPop.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Trust\302KS\Keyboard\MMKEYBD.EXE O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Program Files\Trust\302KS\Mouse\mouse32a.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: netuse.bat O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Rabo Session Monitor.lnk = C:\Program Files\Rabo\Support\RaboSessionMon.exe O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {6EABE8B6-5C8E-4B1B-AEAB-7FE17C4A3A04} - https://server.db.kvk.nl/WWWEXT01/install/plugin/KVKar51.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.xxlwebhosting.nl/AxisCamControl.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5CFBA09A-90D1-4918-A655-63FD5381FA11}: NameServer = 194.109.6.66,194.109.9.99 O17 - HKLM\System\CCS\Services\Tcpip\..\{777769CF-78D4-4451-B32D-795600D994D9}: NameServer = 194.109.6.66,194.109.9.99 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LogonSvc (LogonSvcID) - WiredRed Software - C:\Program Files\WiredRed\EPop\logonsvc.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Rabo Comm Server (Srv_RaboComm) - Unknown owner - C:\WINDOWS\system32\RaboCommSrv.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • Download [url=http://noahdfear.geekstogo.com/click%20counter/click.php?id=1]smitRem.exe[/url]. Pak alle bestanden uit op je bureaublad. Start de computer op in veilige modus. Hoe je dit doet kan je [url=http://users.telenet.be/marcvn/spyware/1378056.htm]hier[/url] lezen. Open de smitrem-map op je bureaublad, en dubbelklik op RunThis.bat. Volg de aanwijzigingen op het scherm. Je bureaublad en ikoontjes zullen even verdwijnen en daarna terug verschijnen, dit is normaal. Wacht tot het tooltje zijn werk heeft gedaan en Disk Cleanup afgelopen is. Dit kan enige tijd duren, dus wees geduldig. Herstart De computer. Maak een nieuw HijackThislog en post deze. Zoek naar c:\smitfiles.txt en post de inhoud van dit bestand ook. Vertel even hoe de situatie nu is.
  • Dan zal het inderdaad door smitfraud komen :wink: Dit zag ik nog in het log van Ewido:[quote:a7c4ceacb3] C:\Program Files\Rabo\Support\RaboSessionMon.exe -> Heuristic.Win32.Dialer : Schoongemaakt met een backup C:\Program Files\Rabotwin\RaboComm\RaboComm.exe -> Heuristic.Win32.Dialer : Schoongemaakt met een backup [/quote:a7c4ceacb3]Controleer of dit programma nog wel goed werkt, mogelijk heeft dat programma die dialer gewoon nodig. Groeten smeenk :wink:
  • oleext.dll Waarschijnlijk is wininet.dll geïnfecteerd
  • Hi, smitrem gedaan ziet er een stuk beter uit. hierbij nog even de logs, overigens die rabo is van telebanking en die dialer werkt goed. indien jullie nog suggesties hebben hoo ik ze graag, voor nu alvast bedankt! smitRem log file version 2.3 by noahdfear ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Pre-run Files Present ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ logfiles ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ sites.ini ~~~ Drive root ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Post-run Files Present ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Wininet.dll ~~~ CLEAN! :) Logfile of HijackThis v1.99.1 Scan saved at 14:55:38, on 19-8-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\WiredRed\EPop\logonsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\system32\RaboCommSrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE C:\Program Files\WiredRed\EPop\EPop.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Trust\302KS\Mouse\mouse32a.exe C:\WINDOWS\system32\lexpps.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Trust\302KS\Keyboard\KbdAp32A.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\unzipped\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [e/pop] C:\Program Files\WiredRed\EPop\EPop.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Trust\302KS\Keyboard\MMKEYBD.EXE O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Program Files\Trust\302KS\Mouse\mouse32a.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: netuse.bat O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Rabo Session Monitor.lnk = C:\Program Files\Rabo\Support\RaboSessionMon.exe O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {6EABE8B6-5C8E-4B1B-AEAB-7FE17C4A3A04} - https://server.db.kvk.nl/WWWEXT01/install/plugin/KVKar51.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.xxlwebhosting.nl/AxisCamControl.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5CFBA09A-90D1-4918-A655-63FD5381FA11}: NameServer = 194.109.6.66,194.109.9.99 O17 - HKLM\System\CCS\Services\Tcpip\..\{777769CF-78D4-4451-B32D-795600D994D9}: NameServer = 194.109.6.66,194.109.9.99 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LogonSvc (LogonSvcID) - WiredRed Software - C:\Program Files\WiredRed\EPop\logonsvc.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Rabo Comm Server (Srv_RaboComm) - Unknown owner - C:\WINDOWS\system32\RaboCommSrv.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • [quote:d9eeb8d0e0="wimkip"]overigens die rabo is van telebanking en die dialer werkt goed.[/quote:d9eeb8d0e0]Dat had ik ook gevonden, maar volgens mij heeft Ewido het bestand verwijderd dat bij deze sleutel hoort: [b:d9eeb8d0e0]O4 - Global Startup: Rabo Session Monitor.lnk = C:\Program Files\Rabo\Support\RaboSessionMon.exe[/b:d9eeb8d0e0] http://www.bleepingcomputer.com/startups/RaboSessionMon.exe-4355.html En ik zie het proces C:\Program Files\Rabo\Support\RaboSessionMon.exe ook niet meer staan, vandaar mijn vraag of je wilde controleren of de software van Rabobank nog goed werkt, anders die twee bestanden van Rabo via de backups van Ewido terugplaatsen :wink: Groeten smeenk
  • Hya Smeenk, Thx voor de input, de Rabo shit deed het dus echt niet meer, na terugzetten alles perfecto. Goed weekeinde en nogmaals dank. Wimpio
  • Graag gedaan hoor :wink: Het blijft natuurlijk een vreemde zaak dat bestanden van Rabobank software door antivirus- en antispywarescanners worden herkend als malware :roll: Dan ben je vast niet de enige die opeens een paar belangrijke bestanden kwijt is. Groeten smeenk
  • Tja, die software jongens die Rab shit geschreven hebben hebben dat dus ff over het hoofd gezien. Maar ja, t blijven mensen.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.