Problems with spyware

Anonymous
pcguy
5 replies
  • Hi there..

    Normally I wipe my computer completely every month so that my PC runs in top shape. But for the last few months I haven't had the time or the inclination to do that…

    And this is the result:


    Logfile of HijackThis v1.98.2
    Scan saved at 21:18:02, on 26-9-2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\csrss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\System32\Ati2evxx.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Rage3DTweak\RegTwk.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\windows\kdx\KHost.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\windows\System32\ctfmon.exe
    C:\windows\System32\taskmgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Real\RealOne Player\realplay.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\ULTIMA~1\uzip.exe
    C:\DOCUME~1\ATHV~1.CP5\LOCALS~1\TEMP\UZ_3E\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3048
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3048
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.225.176.14/
    O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\windows\multimpp.dll
    O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winbva32.exe
    O4 - HKLM\..\Run: [yrmxgn] C:\WINDOWS\yrmxgn.exe
    O4 - HKLM\..\Run: [snpstd] C:\windows\vsnpstd.exe
    O4 - HKLM\..\Run: [RegTweak] C:\Program Files\Rage3DTweak\RegTwk.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\windows\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [kdx] C:\windows\kdx\KHost.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update13.js
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Corel Network monitor worker - {F1C5354C-8CF0-45DD-893B-5597DFB40A28} - (no file)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {F1C5354C-8CF0-45DD-893B-5597DFB40A28} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093987327389
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4358/mcfscan.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab

    I have already been able to remove a few things, but I don't know what the rest is..

    Could someone help me with that?

    Thanks in advance -Arve
  • Taking a look.
  • Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    SP1 is missing, and so are the necessary updates.

    Close all browser windows and fix the items below.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3048
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3048
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.225.176.14/
    O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\windows\multimpp.dll
    O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
    O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winbva32.exe
    O4 - HKLM\..\Run: [yrmxgn] C:\WINDOWS\yrmxgn.exe
    O4 - HKLM\..\Run: [kdx] C:\windows\kdx\KHost.exe
    O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update13.js
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Corel Network monitor worker - {F1C5354C-8CF0-45DD-893B-5597DFB40A28} - (no file)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {F1C5354C-8CF0-45DD-893B-5597DFB40A28} - (no file)
    O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab

    Boot into safe mode, make sure "show all files and folders" is enabled, and delete the files below.

    C:\windows\kdx\KHost.exe
    C:\windows\multimpp.dll
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
    C:\WINDOWS\yrmxgn.exe
    C:\WINDOWS\yrmxgn.exe
    C:\WINDOWS\update13.js

    Boot back into normal Windows mode and post a new log.
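
An added example, not part of the original thread: a small parser for the HijackThis entry format used in the reply above, which cross-checks the files behind the entries marked for fixing against the files listed for deletion. The input is a subset of the reply's fix list plus its deletion list; the function names are illustrative.

```python
import re
from collections import Counter

# Subset of the reply's fix list and its deletion list, copied from this page.
FIX_LIST = r"""
O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\windows\multimpp.dll
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winbva32.exe
O4 - HKLM\..\Run: [yrmxgn] C:\WINDOWS\yrmxgn.exe
O4 - HKLM\..\Run: [kdx] C:\windows\kdx\KHost.exe
O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update13.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
"""
DELETE_LIST = r"""
C:\windows\kdx\KHost.exe
C:\windows\multimpp.dll
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
C:\WINDOWS\yrmxgn.exe
C:\WINDOWS\yrmxgn.exe
C:\WINDOWS\update13.js
"""
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")  # section code, detail
PATH = re.compile(r'[A-Za-z]:\\.+?\.\w{2,4}(?=["\s]|$)')          # drive-letter file path

def norm(path):
    """Case-fold and collapse doubled backslashes so equal paths compare equal."""
    return re.sub(r"\\+", r"\\", path.strip().lower())

def parse_entries(text):
    """Return (section_code, detail, file_path_or_None) for each HijackThis line."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            p = PATH.search(m.group(2))
            out.append((m.group(1), m.group(2), norm(p.group(0)) if p else None))
    return out

def cross_check(fix_text, delete_text):
    """Files behind fixed entries that are not on the delete list, and duplicate delete lines."""
    deletes = Counter(norm(l) for l in delete_text.splitlines() if l.strip())
    missing = [p for _, _, p in parse_entries(fix_text) if p and p not in deletes]
    dupes = [p for p, n in deletes.items() if n > 1]
    return missing, dupes

if __name__ == "__main__":
    print(cross_check(FIX_LIST, DELETE_LIST))
```

On this input the check reports `winbva32.exe` as referenced by a fixed entry but absent from the deletion list, and `yrmxgn.exe` as listed twice.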
  • Quote: "Close all browser windows and fix the items below."

    I did this. But for some reason I can't get my computer into Safe Mode anymore..
  • Did you, by any chance, do the Windows update that rieske pointed out just before fixing these items?


This is an archived page. Replying is no longer possible.