CWS.Homesearch???

Anonymous
peterpiloot
4 answers
 • I have tried everything but I am now really at my wits' end. Who can help me?

  I suddenly have a problem with my IE start page: it changes to About: Blank, even when I change it back to what I want.
  Spybot sees what is happening and warns that changes are about to be made to the registry, namely to the Search Page as well as the Search Assistant.
  Spybot dutifully removes the spyware, but after a restart it is simply back again.
  CWShredder comes up with CWS.Homesearch and removes it too, but after a restart it is back once again.
  Adaware sees nothing.
  SpySubtract Pro 3.0 sees it too, removes it too, and you guessed it: afterwards the misery is simply back again.
  My PC has also become extremely slow, probably because all sorts of things are happening in the registry.
  HijackThis also sees the About: Blank and I can remove it there too, but after a restart the misery simply starts again.

  In addition, entries have been added to my Favorites list. I can remove those too, and they also come back every time (the same ones).

  Who can help me??? Thanks in advance!!!!

  Here is the HijackThis log. Pay particular attention to the search bar in HKCU: these .dll's change every time I have removed the junk, as mentioned above. Now it is yekhh, but I have also had agyqb.dll and hcrle.dll and anfng.dll. I have already removed those, but a new one comes back in its place every time.

  Logfile of HijackThis v1.99.1
  Scan saved at 21:31:49, on 6-6-2005
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Ahead\InCD\InCDsrv.exe
  C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Norton Internet Security\ISSVC.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\System32\cisvc.exe
  C:\WINDOWS\System32\CTsvcCDA.EXE
  C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
  C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
  C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
  C:\WINDOWS\System32\nvsvc32.exe
  C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
  C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\Program Files\Creative\ShareDLL\CtNotify.exe
  C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
  C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
  C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
  C:\WINDOWS\MXOALDR.EXE
  C:\Program Files\Creative\ShareDLL\MediaDet.Exe
  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
  C:\WINDOWS\system32\hphmon06.exe
  C:\PROGRA~1\HEWLET~1\{BA2D9~1\pexpress\hphPED06.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\apprs.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\WINDOWS\System32\HPZipm12.exe
  C:\WINDOWS\NCLAUNCH.EXe
  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
  C:\Program Files\3M\PSN2Lite\PsnLite.exe
  C:\Program Files\Psion\PsiWin\Psconsv.exe
  C:\Program Files\InterMute\SpySubtract\SpySub.exe
  C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
  C:\PROGRA~1\Psion\PsiWin\Elogerr.exe
  C:\Program Files\Microsoft Office\Office10\msoffice.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
  C:\WINDOWS\d3kc.exe
  C:\WINDOWS\system32\cidaemon.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.flightweb.org/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\flightweb.org
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - Default URLSearchHook is missing
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
  O2 - BHO: Class - {C0AF1A72-C593-86BD-A152-F16A9AEADFB1} - C:\WINDOWS\system32\atlco.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
  O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
  O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
  O4 - HKLM\..\Run: [LiveNote] livenote.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
  O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
  O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\Hewlett-Packard\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe
  O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
  O4 - HKLM\..\Run: [HPHped06] C:\PROGRA~1\HEWLET~1\{BA2D9~1\pexpress\hphPED06.exe
  O4 - HKLM\..\Run: [apprs.exe] C:\WINDOWS\apprs.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
  O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
  O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
  O4 - Startup: BounceBack Launcher.lnk = ?
  O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\PsnLite.exe
  O4 - Global Startup: PsiWin 2.3 Connection Server.lnk = C:\Program Files\Psion\PsiWin\Psconsv.exe
  O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
  O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} -
  O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) -
  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
  O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) -
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_01) -
  O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
  O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
  O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
  O16 - DPF: {B817734E-046C-11D3-B674-00104BA25195} - http://pmb001.3m.com/pub/psnotes/psnudate.cab
  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Plug-in 1.4.2_01) -
  O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
  O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - http://asp06.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab
  O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
  O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} -
  O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} - http://www.zoomify.com/download/zoomify305.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{9EB491A8-9B7F-4E06-BA88-327875EF005F}: NameServer = 194.134.5.5 194.134.0.97
  O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\d3kc.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
  O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
  O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
  O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
  O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
  O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
  O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
  O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
  O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
  O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 • You already point out yourself that the name of the dll keeps changing.

  So once you have restarted the PC in normal mode, the fix below would no longer be entirely correct. Run it anyway.
  If the dll has changed, you should use the new dll in the fix.

  Also print out the instructions below.
  Download and install CCleaner.
  Do not use it yet.

  Download the file HSfix.zip.
  Unzip it and place it on your desktop, so that you can easily find it later when you need it.

  Download CWShredder.
  Put the file somewhere you can easily find it, but do not use it yet.

  Download About:buster. Unzip it to c:\aboutbuster and check whether updates are available. Install them.
  Do not use the program yet.

  TeaTimer is active.
  It must be stopped temporarily so that HijackThis's changes to the registry can be applied.
  If needed, see http://russelltexas.com/malware/teatimer.htm

  Make sure all hidden files are shown.

  The repair must be carried out in SAFE mode.
  Start your PC in SAFE mode.
  See here how to do that.

  There is a restriction in Internet Explorer that prevents you from changing all settings.
  This may have been set by Spybot S&D.
  If you want to be able to do this anyway, have HijackThis fix the item below as well:

  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


  Start HijackThis and choose 'Do a system scan only'
  Select only the items listed below:
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R3 - Default URLSearchHook is missing
  O2 - BHO: Class - {C0AF1A72-C593-86BD-A152-F16A9AEADFB1} - C:\WINDOWS\system32\atlco.dll
  O4 - HKLM\..\Run: [apprs.exe] C:\WINDOWS\apprs.exe
  O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} -
  O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\d3kc.exe
  Close all applications except HijackThis.
  Click 'Fix checked' to remove the items.

  Make sure that operating system files and hidden files are visible.
  Delete the following files:
  C:\WINDOWS\system32\atlco.dll
  C:\WINDOWS\system32\yekhh.dll
  C:\WINDOWS\apprs.exe
  C:\WINDOWS\d3kc.exe

  Double-click HSfix.reg and allow the changes to be added to the registry.

  Start CCleaner.
  CCleaner lets you configure what should be cleaned up.
  Choose at least the following items:
  Internet Explorer:
  - Temporary Internet files
  System:
  - Empty Recycle Bin
  - Temporary files

  Now click the clean-up button in CCleaner (bottom right).

  Restore your web settings: go to Control Panel, Internet Options, Programs tab. Click the Reset Web Settings button.

  Start CWShredder and click the Fix button.

  Start About:buster. When the program asks to scan a second time, do so.

  Now restart the computer in normal mode.

  Then run an online virus scan: TrendMicro Housecall
  Tick the Auto Clean box.
  Let it scan your entire system (this will take a while).

  Start HijackThis again and post a new log and the AboutBuster log.

  Sjaak
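
Because the DLL name changes after every removal, log triage for this infection has to match the pattern of the entry rather than the file name. The following is an added example, not part of the original thread or of HijackThis: the function names `parse_log`, `triage` and `tracked_files` are hypothetical, and the sample is built from lines of the log above, with the NSS service line abridged and one R1 line constructed using the earlier DLL name agyqb.dll that the poster mentioned.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section detail")
Finding = namedtuple("Finding", "section reason path")

# HijackThis result lines have the form "<section> - <detail>", e.g. "R1 - ...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
# An IE setting whose value is a res:// URL served out of a DLL.
# The DLL name is deliberately not part of the pattern.
RES_DLL_RE = re.compile(r"=\s*res://(?P<path>.+?\.dll)/", re.IGNORECASE)

# Constructed sample: lines taken from the log above, abridged, plus one
# constructed R1 line that uses an earlier DLL name (agyqb.dll).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\d3kc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yekhh.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\agyqb.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O23 - Service: Network Security Service (NSS) - Unknown owner - C:\WINDOWS\d3kc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""


def parse_log(text):
    """Return the result entries of a log, skipping header and process lines."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Flag entries that match the two name-independent patterns in this log."""
    findings = []
    for entry in entries:
        if entry.section.startswith("R"):
            # R-section: IE start/search settings. A res:// URL into a DLL here
            # is the hijack shown above, whatever the DLL is called this boot.
            match = RES_DLL_RE.search(entry.detail)
            if match:
                findings.append(Finding(
                    entry.section,
                    "IE setting loads a page from a DLL via res://",
                    match.group("path")))
        elif entry.section == "O23":
            # O23 detail: "Service: <name> - <owner> - <binary path>".
            parts = entry.detail.rsplit(" - ", 2)
            if len(parts) == 3 and parts[1].strip().lower() == "unknown owner":
                findings.append(Finding(
                    entry.section,
                    "service binary has no known owner",
                    parts[2].strip()))
    return findings


def tracked_files(findings):
    """Distinct file paths behind the findings, lower-cased for comparison."""
    return sorted({finding.path.lower() for finding in findings})


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(f"{finding.section:>3}  {finding.reason}: {finding.path}")
```

The patterns only cover what is visible in this log; entries such as the O2 BHO and the O4 Run value that Sjaak also selected still need a reviewer's judgment.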
 • Hi Sjaak,

  I think this worked!!!
  Thank you so much for your help; I could never have figured this out myself.

  I am attaching the AboutBuster and HijackThis logs.

  Thanks again :D

  AboutBuster 5.0 reference file 28
  Scan started on [7-6-2005] at [12:43:47]
  ————————————————
  Removed Stream! C:\WINDOWS\Blauw 16.bmp:buwzyz
  Removed Stream! C:\WINDOWS\bootstat.dat:mvonbb
  Removed Stream! C:\WINDOWS\Thumbs.db:encryptable
  Removed Stream! C:\WINDOWS\wininit.ini:dwfyqj
  Removed Stream! C:\WINDOWS\{00000000-00000000-0000000E-00001102-00000004-00511102}.CDF:qttpce
  ————————————————
  Removed File! : C:\Windows\ixark.dat
  Removed File! : C:\Windows\System32\ikpei.dat
  ————————————————
  Scan was COMPLETED SUCCESSFULLY at 12:44:11


  AboutBuster 5.0 reference file 28
  Scan started on [7-6-2005] at [13:29:29]
  ————————————————
  No Ads Found!
  ————————————————
  No Files Found!
  ————————————————
  Scan was COMPLETED SUCCESSFULLY at 13:29:52


  Logfile of HijackThis v1.99.1
  Scan saved at 13:27:49, on 7-6-2005
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Ahead\InCD\InCDsrv.exe
  C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Norton Internet Security\ISSVC.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\System32\cisvc.exe
  C:\WINDOWS\System32\CTsvcCDA.EXE
  C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
  C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
  C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
  C:\WINDOWS\System32\nvsvc32.exe
  C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
  C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\Program Files\Creative\ShareDLL\CtNotify.exe
  C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
  C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
  C:\Program Files\Creative\ShareDLL\MediaDet.Exe
  C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
  C:\WINDOWS\MXOALDR.EXE
  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
  C:\WINDOWS\system32\hphmon06.exe
  C:\PROGRA~1\HEWLET~1\{BA2D9~1\pexpress\hphPED06.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\WINDOWS\NCLAUNCH.EXe
  C:\WINDOWS\System32\HPZipm12.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
  C:\Program Files\3M\PSN2Lite\PsnLite.exe
  C:\Program Files\Psion\PsiWin\Psconsv.exe
  C:\Program Files\Microsoft Office\Office10\msoffice.exe
  C:\PROGRA~1\Psion\PsiWin\Elogerr.exe
  C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
  C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
  C:\WINDOWS\system32\cidaemon.exe
  C:\Program Files\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.flightweb.org/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\flightweb.org
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
  O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
  O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
  O4 - HKLM\..\Run: [LiveNote] livenote.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
  O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
  O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
  O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
  O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\Hewlett-Packard\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe
  O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
  O4 - HKLM\..\Run: [HPHped06] C:\PROGRA~1\HEWLET~1\{BA2D9~1\pexpress\hphPED06.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
  O4 - Startup: BounceBack Launcher.lnk = ?
  O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\PsnLite.exe
  O4 - Global Startup: PsiWin 2.3 Connection Server.lnk = C:\Program Files\Psion\PsiWin\Psconsv.exe
  O4 - Global Startup: SpySubtract.lnk.disabled
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
  O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
  O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} -
  O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) -
  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
  O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) -
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_01) -
  O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
  O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
  O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
  O16 - DPF: {B817734E-046C-11D3-B674-00104BA25195} - http://pmb001.3m.com/pub/psnotes/psnudate.cab
  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Plug-in 1.4.2_01) -
  O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
  O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - http://asp06.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab
  O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
  O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} - http://www.zoomify.com/download/zoomify305.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{9EB491A8-9B7F-4E06-BA88-327875EF005F}: NameServer = 194.134.5.5 194.134.0.97
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
  O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
  O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
  O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
  O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
  O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
  O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
  O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
  O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
  O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
  O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 • Looks very good.
  You have also run the Housecall scan.

  This infection can be tricky, but if you follow the instructions carefully and do not wait a few days, it works out, as you have seen.

  Sjaak
