Vraag & Antwoord

Beveiliging & privacy

UnSpy

Anoniem
gerben
11 antwoorden
 • Hallo,

  Ik heb een of ander raar programma op mijn computer genaam UnSpy. Als ik zo een beetje op internet rondkijk kan ik nergens een oplossing vinden voor het verwijderen van dit zwaar irritante programma.

  Heeft iemand een oplossing? Het gaat om UnSpy en het is met geen anti spyware programma weg te krijgen. Wanneer ik hitmanpro bijv aanzet, dan loopt mijn computer vast.

  Hoop graag zsm iets van iemand van jullie te mogen vernemen!

  Groeten en alvast bedankt,
  Jeroen
 • Maar eens beginnen met een hijackthis logje?
 • Hoi Gerben,

  Hieronder mijn logfile. Je zult het niet geloven, maar ik heb het idee dat het programma unspy al weg is… geen idee wat ik gedaan heb. Graag wil ik je toch even voor de zekerheid naar mijn logfile laten kijken.

  ogfile of HijackThis v1.99.1
  Scan saved at 14:09:24, on 8-4-2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\csrss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  C:\WINDOWS\system32\LEXBCES.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\LEXPPS.EXE
  C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\WINDOWS\system32\hkcmd.exe
  C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
  C:\Program Files\Dell\Media Experience\PCMService.exe
  C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\system32\dla\tfswctrl.exe
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Wanadoo\AntiVirus\AVRealTime.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearch.exe
  C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearchIndexer.exe
  C:\WINDOWS\system32\wdfmgr.exe
  C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\WINDOWS\System32\alg.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearchFilter.exe
  C:\DOCUME~1\NIELSE~1\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: (no name) - {A7A08CEF-2A13-6E29-2D98-611A2C159312} - Uint32.dll (file missing)
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
  O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll
  O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
  O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll
  O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
  O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
  O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
  O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
  O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [Preventon RealTime Antivirus] C:\Program Files\Wanadoo\AntiVirus\AVRealTime.exe
  O4 - HKLM\..\Run: [abrek] EXE32EXE.exe
  O4 - HKLM\..\Run: [bnui] stuffmon.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
  O4 - HKCU\..\Run: [TemplateDongle] Trayz.exe
  O4 - HKCU\..\Run: [Bogobot] killall.exe
  O4 - HKCU\..\Run: [keybdll] ABCXYZ.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\nl-nl\bin\WindowsSearch.exe
  O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll/search.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
  O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/229?a818fcc6dedd40df8b9e44fd3729e1c0
  O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/230?a818fcc6dedd40df8b9e44fd3729e1c0
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (file missing) (HKCU)
  O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (file missing) (HKCU)
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
  O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
  O17 - HKLM\System\CCS\Services\Tcpip\..\{2C6622EE-4D1C-4D3A-BB5A-DE12F10055E4}: NameServer = 85.255.115.54,85.255.112.105
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
  O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
  O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
  O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (file missing)
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  O23 - Service: sweepsrv.sys - Sophos Plc - C:\Program Files\Wanadoo\AntiVirus\sweepsrv.sys
  O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


  Ook ben ik benieuwd of mijn computer wel optimaal beveiligd is. Kan je dat hier misschien ook aan aflezen? Sorry, ik ben een redelijke digibeet :-?
 • oke, Gerben handel jij dit af?
  Zoniet doe ik het,

  Of iemand anders claim het logje even :wink:

  Greetz chrizz
 • Ga gerust je gang; geen claim dus.
 • Hopelijk is er een beetje uit te komen? Helaas krijg ik het filetje niet schoner aangezien alle anti spyware programma's blokkeren :-(
 • Hoi ''Jeroentjuh26'' :)

  Download
 • Komt ie:


  Fixwareout ver 1.003
  Last edited march/15/2006
  Post this report in the forums please

  Reg Entries that were deleted
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\32refaselif
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\yhbmd
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif


  Random Runs removed from HKLM
  "dmbhy.exe"=-


  PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

  »»»»» Search by size and names…
  * csr.exe C:\WINDOWS\System32\CSADZ.EXE

  »»»»» Misc files
  * thequicklink C:\WINDOWS\System32\CINEW.DLL

  »»»»» Checking for older varients covered by the Rem3 tool


  Bedankt alvast voor de moeite! :P
 • Mag ik ook nog even een nieuw Hijackthis logje?
 • logje staat volgens mij hier

  http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=159697
 • Jeroen,

  Wil je a.u.b. Ff hier in [b:0daf158a77]DIT TOPIC (!)[/b:0daf158a77] je logs praten,En geen nieuwe topics openen,dit maakt het overzichtelijker voor mij .

  Groeten christian.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.