Windows popup, spyware detected

Anonymous
Andre.R
11 answers
 • For the past day I have been bothered by an annoying Windows popup:

  Windows error service
  Windows detected Spyware on your computer Download free Spyware Scanner & Remover

  Then I can click OK or Cancel. If I press Cancel, the popup reappears after a while; if I click OK, it wants to download the file raze.exe from the site www.razespyware.com

  I had Ad-aware 6.0 and Spybot - Search & Destroy run a scan, but that turned up nothing.

  Who can help me?

  Here is my HijackThis log:

  Logfile of HijackThis v1.99.1
  Scan saved at 14:08:04, on 3-5-2005
  Platform: Windows XP (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 (6.00.2600.0000)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  E:\Logitech\iTouch.exe
  E:\Logitech\SYSTEM\EM_EXEC.EXE
  C:\Program Files\Media Access\MediaAccK.exe
  C:\Program Files\Media Access\MediaAccess.exe
  C:\WINDOWS\system32\inetsrv\services.exe
  C:\WINDOWS\System32\ctfmon.exe
  H:\SpywareGuard\sgmain.exe
  H:\SpywareGuard\sgbhp.exe
  C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  E:\Norton AntiVirus 2004 - Michiel\navapsvc.exe
  E:\Norton AntiVirus 2004 - Michiel\AdvTools\NPROTECT.EXE
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  E:\Norton AntiVirus 2004 - Michiel\SAVScan.exe
  C:\WINDOWS\System32\wuauclt.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  H:\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - H:\SpywareGuard\dlprotect.dll
  O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
  O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - H:\FLASHGET\jccatch.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Norton AntiVirus 2004 - Michiel\NavShExt.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Norton AntiVirus 2004 - Michiel\NavShExt.dll
  O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
  O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - H:\FLASHGET\fgiebar.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
  O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
  O4 - HKLM\..\Run: [Advanced Tools Check] E:\NORTON~4\AdvTools\ADVCHK.EXE
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
  O4 - HKLM\..\Run: [zBrowser Launcher] E:\Logitech\iTouch.exe
  O4 - HKLM\..\Run: [EM_EXEC] E:\Logitech\SYSTEM\EM_EXEC.EXE
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
  O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
  O4 - HKLM\..\Run: [mlaz] C:\WINDOWS\mlaz.exe
  O4 - HKLM\..\Run: [JVM0.14] C:\WINDOWS\System32\cjvywr.exe
  O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
  O4 - HKLM\..\Run: [CloneCDTray] "H:\CloneCD\CloneCDTray.exe" /s
  O4 - HKLM\..\Run: [SuperBar.Component] C:\WINDOWS\system32\inetsrv\services.exe
  O4 - HKLM\..\Run: [AdRotator.Application] C:\WINDOWS\system32\drivers\csrss.exe
  O4 - HKLM\..\Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:\WINDOWS\system32\wbem\svchost.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - Startup: SpywareGuard.lnk = H:\SpywareGuard\sgmain.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\MICROS~1\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Ontvang alles met FlashGet - H:\FLASHGET\jc_all.htm
  O8 - Extra context menu item: Ontvang met FlashGet - H:\FLASHGET\jc_link.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\MICROS~1\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
  O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
  O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\FLASHGET\flashget.exe
  O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\FLASHGET\flashget.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
  O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c7.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
  O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Norton AntiVirus 2004 - Michiel\navapsvc.exe
  O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Norton AntiVirus 2004 - Michiel\AdvTools\NPROTECT.EXE
  O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: SAVScan - Symantec Corporation - E:\Norton AntiVirus 2004 - Michiel\SAVScan.exe
  O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 • Isn't it just Messenger spam? Can you post a screenshot of the popup?

  http://grc.com/stm/shootthemessenger.htm
 • For a moment I thought shootthemessenger helped, but after a few minutes the popup came back. This is a screenshot of it:

  http://home.hccnet.nl/a.ram/error.JPG
 • FlashGet contains spyware.
  http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077947
 • No, that must indeed be something else. Just wait for the experts' verdict.
 • Yes, there is still some work to do on this PC.

  Download Pocket Killbox.
  Unpack it, but do not use it yet.

  Start HijackThis and choose 'Do a system scan only'
  Select only the items listed below:
  O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
  O4 - HKLM\..\Run: [JVM0.14] C:\WINDOWS\System32\cjvywr.exe
  O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
  O4 - HKLM\..\Run: [SuperBar.Component] C:\WINDOWS\system32\inetsrv\services.exe
  O4 - HKLM\..\Run: [AdRotator.Application] C:\WINDOWS\system32\drivers\csrss.exe
  O4 - HKLM\..\Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:\WINDOWS\system32\wbem\svchost.exe
  O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
  O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
  O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c7.cab
  Click 'Fix checked' to remove the items

  Make sure operating-system files and hidden files are visible
  Delete the following directories/files:
  C:\WINDOWS\System32\cjvywr.exe
  C:\WINDOWS\System32\cjvywr.dat
  C:\WINDOWS\System32\gah95on6.exe
  C:\WINDOWS\system32\inetsrv\services.exe
  C:\WINDOWS\system32\drivers\csrss.exe
  C:\WINDOWS\system32\wbem\svchost.exe

  Now start Killbox and click "Delete on reboot"

  In the window, now enter the following directory:
  C:\Program Files\Media Access

  Click the red circle with the white cross and give permission to delete the directory, and a second time to reboot the PC.

  Make a new log with HijackThis as a check.

  Can you have the following file scanned at Jotti, http://virusscan.jotti.org/?
  -->C:\WINDOWS\mlaz.exe

  Post that result as well.
  Sjaak
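
Three of the Run entries on the fix list above reuse Windows core process names (services.exe, csrss.exe, svchost.exe) from subfolders of System32, and that pattern can be checked mechanically. The sketch below is an added example, not part of the original thread or of HijackThis; the function names, the list of core process names and the system root C:\WINDOWS are assumptions made for this example, and the check does not cover the other entries on the list (randomly named executables, Media Access).

```python
import ntpath
import re

# O4 lines copied from the first HijackThis log in this thread (subset).
SAMPLE_LOG = r"""
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [SuperBar.Component] C:\WINDOWS\system32\inetsrv\services.exe
  O4 - HKLM\..\Run: [AdRotator.Application] C:\WINDOWS\system32\drivers\csrss.exe
  O4 - HKLM\..\Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:\WINDOWS\system32\wbem\svchost.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

# Assumption for this example: core Windows XP processes whose image file
# belongs directly in <SystemRoot>\System32 and nowhere else.
CORE_PROCESS_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                      "lsass.exe", "svchost.exe", "spoolsv.exe"}

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN_LINE = re.compile(
    r"^[ \t]*O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$", re.MULTILINE)

# Program at the start of a command line: quoted, or unquoted up to ".exe".
EXECUTABLE = re.compile(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', re.IGNORECASE)


def executable_of(command):
    """Return the program path at the start of a Run command line, or None."""
    m = EXECUTABLE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else None


def find_masquerading(log_text, system_root=r"C:\WINDOWS"):
    """Return (value_name, path) for Run entries that start a core process
    name from a directory other than <system_root>\\System32."""
    expected_dir = ntpath.normcase(ntpath.join(system_root, "System32"))
    hits = []
    for m in O4_RUN_LINE.finditer(log_text):
        exe = executable_of(m.group(4))
        if exe is None:
            continue
        directory, name = ntpath.split(ntpath.normcase(exe))
        # A bare name such as "nwiz.exe" is resolved via the search path; skip it.
        if name in CORE_PROCESS_NAMES and directory and directory != expected_dir:
            hits.append((m.group(3), exe))
    return hits


if __name__ == "__main__":
    for value_name, path in find_masquerading(SAMPLE_LOG):
        print(f"suspicious Run value [{value_name}] -> {path}")
```
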
 • Thanks for your answer, Sjaak,
  I did exactly what you said, except that I could not find C:\WINDOWS\System32\cjvywr.exe and cjvywr.dat. And the file C:\WINDOWS\system32\inetsrv\services.exe could not be deleted because it is in use (I tried to end the process, but that was not possible either).

  I do not have the file C:\WINDOWS\mlaz.exe, so I cannot provide a scan of it either.
  This is the new HijackThis log (P.S. I have not had any trouble with the popup so far). I can already see that Media Access is still in there, so that is probably not a good sign…

  Logfile of HijackThis v1.99.1
  Scan saved at 19:28:22, on 3-5-2005
  Platform: Windows XP (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 (6.00.2600.0000)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  E:\Logitech\iTouch.exe
  E:\Logitech\SYSTEM\EM_EXEC.EXE
  C:\WINDOWS\system32\inetsrv\services.exe
  C:\Program Files\Media Access\MediaAccK.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\Program Files\Media Access\MediaAccess.exe
  H:\SpywareGuard\sgmain.exe
  H:\SpywareGuard\sgbhp.exe
  C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  E:\Norton AntiVirus 2004 - Michiel\navapsvc.exe
  E:\Norton AntiVirus 2004 - Michiel\AdvTools\NPROTECT.EXE
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  E:\Norton AntiVirus 2004 - Michiel\SAVScan.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\WINDOWS\System32\wuauclt.exe
  H:\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - H:\SpywareGuard\dlprotect.dll
  O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
  O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - H:\FLASHGET\jccatch.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Norton AntiVirus 2004 - Michiel\NavShExt.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Norton AntiVirus 2004 - Michiel\NavShExt.dll
  O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
  O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - H:\FLASHGET\fgiebar.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
  O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
  O4 - HKLM\..\Run: [Advanced Tools Check] E:\NORTON~4\AdvTools\ADVCHK.EXE
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
  O4 - HKLM\..\Run: [zBrowser Launcher] E:\Logitech\iTouch.exe
  O4 - HKLM\..\Run: [EM_EXEC] E:\Logitech\SYSTEM\EM_EXEC.EXE
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
  O4 - HKLM\..\Run: [mlaz] C:\WINDOWS\mlaz.exe
  O4 - HKLM\..\Run: [CloneCDTray] "H:\CloneCD\CloneCDTray.exe" /s
  O4 - HKLM\..\Run: [SuperBar.Component] C:\WINDOWS\system32\inetsrv\services.exe
  O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
  O4 - HKLM\..\Run: [AdRotator.Application] C:\WINDOWS\system32\drivers\csrss.exe
  O4 - HKLM\..\Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:\WINDOWS\system32\wbem\svchost.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - Startup: SpywareGuard.lnk = H:\SpywareGuard\sgmain.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\MICROS~1\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Ontvang alles met FlashGet - H:\FLASHGET\jc_all.htm
  O8 - Extra context menu item: Ontvang met FlashGet - H:\FLASHGET\jc_link.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\MICROS~1\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\FLASHGET\flashget.exe
  O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\FLASHGET\flashget.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
  O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Norton AntiVirus 2004 - Michiel\navapsvc.exe
  O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Norton AntiVirus 2004 - Michiel\AdvTools\NPROTECT.EXE
  O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: SAVScan - Symantec Corporation - E:\Norton AntiVirus 2004 - Michiel\SAVScan.exe
  O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 • Sh!t, right after posting the previous message. PING….. Popup
 • André,

  Restart your PC in SAFE mode
  See here how to do that, and then carry out the following:

  Start HijackThis and choose 'Do a system scan only'
  Select only the items listed below:
  O4 - HKLM\..\Run: [mlaz] C:\WINDOWS\mlaz.exe
  O4 - HKLM\..\Run: [SuperBar.Component] C:\WINDOWS\system32\inetsrv\services.exe
  O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
  O4 - HKLM\..\Run: [AdRotator.Application] C:\WINDOWS\system32\drivers\csrss.exe
  O4 - HKLM\..\Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:\WINDOWS\system32\wbem\svchost.exe
  Click 'Fix checked' to remove the items

  Make sure operating-system files and hidden files are visible
  Delete the following directories/files:
  C:\Program Files\Media Access\
  C:\WINDOWS\system32\inetsrv\services.exe
  C:\WINDOWS\system32\drivers\csrss.exe
  C:\WINDOWS\system32\wbem\svchost.exe

  Sjaak
 • OK, I have done that; let's hope it is fine now
  This is the new HijackThis log:

  Logfile of HijackThis v1.99.1
  Scan saved at 20:01:26, on 3-5-2005
  Platform: Windows XP (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 (6.00.2600.0000)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  E:\Logitech\iTouch.exe
  E:\Logitech\SYSTEM\EM_EXEC.EXE
  C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
  C:\WINDOWS\System32\ctfmon.exe
  H:\SpywareGuard\sgmain.exe
  H:\SpywareGuard\sgbhp.exe
  C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  E:\Norton AntiVirus 2004 - Michiel\navapsvc.exe
  E:\Norton AntiVirus 2004 - Michiel\AdvTools\NPROTECT.EXE
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  E:\Norton AntiVirus 2004 - Michiel\SAVScan.exe
  H:\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - H:\SpywareGuard\dlprotect.dll
  O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Norton AntiVirus 2004 - Michiel\NavShExt.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Norton AntiVirus 2004 - Michiel\NavShExt.dll
  O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
  O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
  O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
  O4 - HKLM\..\Run: [Advanced Tools Check] E:\NORTON~4\AdvTools\ADVCHK.EXE
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
  O4 - HKLM\..\Run: [zBrowser Launcher] E:\Logitech\iTouch.exe
  O4 - HKLM\..\Run: [EM_EXEC] E:\Logitech\SYSTEM\EM_EXEC.EXE
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
  O4 - HKLM\..\Run: [CloneCDTray] "H:\CloneCD\CloneCDTray.exe" /s
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - Startup: SpywareGuard.lnk = H:\SpywareGuard\sgmain.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\MICROS~1\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\MICROS~1\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
  O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Norton AntiVirus 2004 - Michiel\navapsvc.exe
  O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Norton AntiVirus 2004 - Michiel\AdvTools\NPROTECT.EXE
  O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: SAVScan - Symantec Corporation - E:\Norton AntiVirus 2004 - Michiel\SAVScan.exe
  O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 • The log looks good.

  Should popups still appear, I would like to ask you to carry out the following:

  Download Silent Runners
  Unzip it to its own folder.
  Start SilentRunners.vbs
  If your antivirus program gives a warning, allow this script to run.
  A log is placed in the folder from which you started Silent Runners. Then post the contents of that log.

  And as for FlashGet:
  It has been blacklisted by SpywareWarrior.
  Look here: http://www.spywarewarrior.com/rogue_anti-spyware.htm

  So you may uninstall it. Spybot and Ad-aware are both good and complement each other.

  Also regularly empty the Temp directory and delete Temporary Internet Files.

  Also take another look at the updates for XP and Internet Explorer.
  XP: no SP1 or SP2
  IE: 6.00.2600.0000 -> 6.00.2900.2180 (with SP2)

  Sjaak

This is an archived page. Replies are no longer possible.