Dialer?????

Anonymous
trettrettret
4 replies
 • Aloha everyone, I have a dialer, and Ad-Aware and Norton 2005 don't see it, so now I have made a scan with "HijackThis". Can someone tell me what I should do, or what I should remove?
  The dialer dials in on "all"

  This is the list from the scan:

  Logfile of HijackThis v1.97.7
  Scan saved at 17:54:18, on 13-11-04
  Platform: Windows 98 SE (Win9x 4.10.2222A)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\SYSTEM\KERNEL32.DLL
  C:\WINDOWS\SYSTEM\MSGSRV32.EXE
  C:\WINDOWS\SYSTEM\MPREXE.EXE
  C:\WINDOWS\SYSTEM\MSTASK.EXE
  C:\WINDOWS\SYSTEM\MDM.EXE
  C:\WINDOWS\SYSTEM\Winmodem.101\wmexe.exe
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
  C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
  C:\WINDOWS\SYSTEM\mmtask.tsk
  C:\WINDOWS\EXPLORER.EXE
  C:\WINDOWS\SYSTEM\RNAAPP.EXE
  C:\WINDOWS\SYSTEM\TAPISRV.EXE
  C:\WINDOWS\TASKMON.EXE
  C:\WINDOWS\SYSTEM\SYSTRAY.EXE
  C:\MOUSE\SYSTEM\EM_EXEC.EXE
  C:\WINDOWS\LOADQM.EXE
  C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
  C:\WINDOWS\VSNPSTD.EXEe
  C:\WINDOWS\SYSTEM\STIMON.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
  C:\WINDOWS\SHCH.EXE
  C:\WINDOWS\MSNMSGSGSAF.EXE
  C:\WINDOWS\AU10TRAY.EXE
  C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
  C:\WINDOWS\SYSTEM\WMIEXE.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
  C:\WINDOWS\RUNDLL32.EXE
  C:\WINDOWS\SYSTEM\WINOA386.MOD
  C:\MIJN DOCUMENTEN\JELKE\HIJACKTHIS.EXE
  C:\WINDOWS\SYSTEM\WINOA386.MOD

  R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.linksummary.com/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.linksummary.com/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metdekippenopslok.nl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
  F1 - win.ini: run=hpfsched
  O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
  O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
  O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
  O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
  O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
  O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\au10setp.exe 3
  O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
  O4 - HKLM\..\Run: [LoadQM] loadqm.exe
  O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [Runner] C:\WINDOWS\csrss.exe /i
  O4 - HKLM\..\Run: [Messanger] C:\WINDOWS\c_pan.exe /i
  O4 - HKLM\..\Run: [Msupdate] C:\WINDOWS\svchosts.exe /i
  O4 - HKLM\..\Run: [NAVCheck] C:\WINDOWS\ssvr.exe /i
  O4 - HKLM\..\Run: [SvcHst] C:\WINDOWS\svchst.exe /i
  O4 - HKLM\..\Run: [snpstd] c:\windows\vsnpstd.exe
  O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
  O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
  O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
  O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\shch.exe /i
  O4 - HKLM\..\Run: [msnmsgsgsfa] C:\WINDOWS\msnmsgsgsaf.exe
  O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
  O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
  O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
  O4 - HKLM\..\RunServices: [Winmodem] Winmodem.101\wmexe.exe
  O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
  O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
  O4 - HKLM\..\RunServices: [NPFMonitor] c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
  O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
  O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
  O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
  O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
  O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
  O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
  O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
  O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
  O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - file://C:\Program Files\MDT6\SysVerChk.ocx
  O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
  O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
  O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
  O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
  O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
  O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\mdt-6\AcDcToday.ocx
  O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.communities.msn.com/controls/FileUC/MsnUpld.cab
  O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37955.2952430556
  O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

  Thanks in advance..
 • Looks to me like there's rather more going on..
  Download the newest version of HijackThis: http://computercops.biz/downloads-file-328.html
  Extract the file into its own folder.

  Close all open windows, run HijackThis once more and have it fix the following items:

  R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.linksummary.com/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.linksummary.com/

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/

  O4 - HKLM\..\Run: [Runner] C:\WINDOWS\csrss.exe /i
  O4 - HKLM\..\Run: [Messanger] C:\WINDOWS\c_pan.exe /i
  O4 - HKLM\..\Run: [Msupdate] C:\WINDOWS\svchosts.exe /i
  O4 - HKLM\..\Run: [NAVCheck] C:\WINDOWS\ssvr.exe /i
  O4 - HKLM\..\Run: [SvcHst] C:\WINDOWS\svchst.exe /i
  O4 - HKLM\..\Run: [snpstd] c:\windows\vsnpstd.exe
  O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\shch.exe /i
  O4 - HKLM\..\Run: [msnmsgsgsfa] C:\WINDOWS\msnmsgsgsaf.exe

  Once you have done this, start the computer in safe mode.
  Make sure all hidden files are shown, and delete the following files or folders if present:
  C:\WINDOWS\csrss.exe <– this file (careful: delete the one in the windows folder)
  C:\WINDOWS\c_pan.exe
  C:\WINDOWS\svchosts.exe
  C:\WINDOWS\svchst.exe
  C:\WINDOWS\shch.exe
  C:\WINDOWS\msnmsgsgsaf.exe

  Reboot the computer and preferably run both online scans:
  Trend: http://housecall.trendmicro.com/housecall/start_corp.asp
  Panda: http://www.pandasoftware.com/activescan/com/activescan_principal.htm

  Reboot the computer, run HijackThis again and post a new log.
 • Hey M@RC,

  I did all of it and here is the new log file,

  Logfile of HijackThis v1.98.2
  Scan saved at 23:00:27, on 13-11-04
  Platform: Windows 98 SE (Win9x 4.10.2222A)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\SYSTEM\KERNEL32.DLL
  C:\WINDOWS\SYSTEM\MSGSRV32.EXE
  C:\WINDOWS\SYSTEM\MPREXE.EXE
  C:\WINDOWS\SYSTEM\MSTASK.EXE
  C:\WINDOWS\SYSTEM\MDM.EXE
  C:\WINDOWS\SYSTEM\Winmodem.101\wmexe.exe
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
  C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
  C:\WINDOWS\SYSTEM\mmtask.tsk
  C:\WINDOWS\EXPLORER.EXE
  C:\WINDOWS\SYSTEM\RNAAPP.EXE
  C:\WINDOWS\SYSTEM\TAPISRV.EXE
  C:\WINDOWS\TASKMON.EXE
  C:\WINDOWS\SYSTEM\SYSTRAY.EXE
  C:\MOUSE\SYSTEM\EM_EXEC.EXE
  C:\WINDOWS\LOADQM.EXE
  C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
  C:\WINDOWS\SYSTEM\STIMON.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
  C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
  C:\WINDOWS\AU10TRAY.EXE
  C:\WINDOWS\SYSTEM\WMIEXE.EXE
  C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
  C:\MIJN DOCUMENTEN\JELKE\HIJECK THIS\HIJACKTHIS.EXE

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metdekippenopslok.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
  O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
  O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
  O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
  O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\au10setp.exe 3
  O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
  O4 - HKLM\..\Run: [LoadQM] loadqm.exe
  O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
  O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
  O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
  O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
  O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
  O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
  O4 - HKLM\..\RunServices: [Winmodem] Winmodem.101\wmexe.exe
  O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
  O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
  O4 - HKLM\..\RunServices: [NPFMonitor] c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
  O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
  O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
  O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
  O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
  O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
  O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
  O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
  O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
  O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
  O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
  O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - file://C:\Program Files\MDT6\SysVerChk.ocx
  O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
  O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
  O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
  O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
  O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
  O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\mdt-6\AcDcToday.ocx
  O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.communities.msn.com/controls/FileUC/MsnUpld.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab


  Thanks in advance!!! :D
 • This already looks a lot healthier, trettrettret.
  How is the situation now?
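
Checking a follow-up log against the first one by eye is error-prone, partly because HijackThis v1.98.2 labels some entries differently from v1.97.7 (the Acrobat BHO changes from "(no name)" to "AcroIEHlprObj Class"). The following is an added example, not part of the original thread: it compares two logs by a stable entry identity and checks a fix list against the follow-up log. The function names are hypothetical and the log excerpts are constructed from a few lines of the logs posted above.

```python
import re

# Constructed excerpts from the two logs posted in this thread (not the full logs).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.linksummary.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metdekippenopslok.nl/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Runner] C:\WINDOWS\csrss.exe /i
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\shch.exe /i
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metdekippenopslok.nl/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")   # e.g. "O4 - HKLM\..\Run: [x] y"
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def entry_key(section, detail):
    """Stable identity, so label changes between tool versions are not reported."""
    clsid = CLSID.search(detail)
    if clsid:                       # BHO / toolbar / DPF entries: the CLSID identifies them
        return (section, clsid.group(0).upper())
    return (section, " ".join(detail.lower().split()))  # otherwise: case/space-insensitive text

def parse(log):
    """Map entry_key -> original line for every 'Xn - ...' line; other lines are skipped."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            entries[entry_key(*m.groups())] = line.strip()
    return entries

def compare(before, after):
    """Return (removed, added) entry lines between two logs."""
    b, a = parse(before), parse(after)
    removed = [b[k] for k in sorted(b.keys() - a.keys())]
    added = [a[k] for k in sorted(a.keys() - b.keys())]
    return removed, added

def unresolved(fix_list, after):
    """Lines from a fix list that still appear in the follow-up log."""
    a = parse(after)
    return [line for key, line in parse(fix_list).items() if key in a]
```

An empty result from `unresolved` only shows that the registry entries are gone from the log; whether the files themselves were deleted has to be checked on disk.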

This is an archived page. Replies are no longer possible.