Pop-ups and spyware and trojan alerts from antivirus....

Anonymous
smeenk
1 answer
  • Hi,

    Ever since I installed Bitgrabber, my F-Secure started giving one alert after another about spyware and trojans… I immediately removed Bitgrabber again via uninstall, and used move on boot on other programs that I recognized as coming from Bitgrabber.

    After that I ran Hitman Pro, did a full virus scan (F-Secure and CureIt), ran CCleaner, and did as many moves on boot as possible (Gipo@Utilities) on all files that F-Secure antivirus couldn't remove or quarantine itself. I also ran SmitfraudFix in safe mode, and I still keep getting annoying pop-ups, error messages, as well as trojan and spyware alerts.

    Below is a logfile from HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:16:21, on 23/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\TELENE~1\backweb\3638286\Program\SERVIC~1.EXE
    C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
    C:\Program Files\Telenet Internet Security Pack\Anti-Virus\FSGK32.EXE
    C:\Program Files\Telenet Internet Security Pack\backweb\3638286\program\fsbwsys.exe
    C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
    C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fssm32.exe
    C:\Program Files\Telenet Internet Security Pack\Common\FSMB32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Telenet Internet Security Pack\Common\FCH32.EXE
    C:\Program Files\Telenet Internet Security Pack\Common\FAMEH32.EXE
    C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsqh.exe
    C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsrw.exe
    C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
    C:\Program Files\Telenet Internet Security Pack\FSPC\fspc.exe
    C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsav32.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE
    C:\Program Files\LNM Client\Client.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\wes\steam.exe
    C:\Program Files\Save\Save.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\TELENE~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Telenet Internet Security Pack\backweb\3638286\Program\fspex.exe
    C:\Program Files\Telenet Internet Security Pack\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\weazle\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {124B5174-B651-4276-5106-9A744F53AA9B} - (no file)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AdsManager Class - {D1C8F9CE-563E-11D8-813C-005022E14DE3} - C:\Program Files\LNM Client\AddAPI.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Internet Security Pack\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Telenet Internet Security Pack\FSGUI\FSSW.EXE"
    eboot
    O4 - HKLM\..\Run: [Spam Internet Flag Hide] C:\Documents and Settings\All Users\Application Data\Logo 16 Spam Internet\bike tons.exe
    O4 - HKCU\..\Run: [LNM Client] "C:\Program Files\LNM Client\Client.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Steam] "d:\wes\steam.exe" -silent
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - Global Startup: Telenet Internet Security Pack.lnk = C:\Program Files\Telenet Internet Security Pack\backweb\3638286\Program\fspex.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Deze pop-up blokkeren - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: IE-shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-shield… - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\ieshield.dll
    O9 - Extra button: LNM Client - {5D602A21-B929-11d7-A5D3-005022E14DE3} - www.lnm.eu (file missing)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://weazle69.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4932/mcfscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Telenet Internet Security Pack (BackWeb Plug-in - 3638286) - BackWeb Technologies Inc. - C:\PROGRA~1\TELENE~1\backweb\3638286\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Telenet Internet Security Pack\backweb\3638286\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe





    And one from deljob:


    ——————————————————–
    BACKUPS CREATED in C:\DELJOB

    AFEFC91591CC40A9.job
    ——————————————————–
    FILES IN TASKS FOLDER

    Scheduled scanning task.job
    ——————————————————–
    EXPORT APP DATA FOLDERS
    ——————————————————–
    Het volume in station C heeft geen naam.
    Het volumenummer is 60A3-0C5D

    Map van C:\Documents and Settings\weazle\Application Data

    30/12/2006 04:39 <DIR> Adobe
    23/01/2007 03:34 <DIR> ATI
    23/01/2007 01:24 <DIR> BSplayer
    23/01/2007 03:05 <DIR> DoesBall
    30/12/2006 04:27 <DIR> F-Secure
    22/01/2007 17:45 <DIR> Help
    30/12/2006 04:39 <DIR> INTERT~1 InterTrust
    23/01/2007 00:58 <DIR> Lavasoft
    30/12/2006 06:17 <DIR> MACROM~1 Macromedia
    30/12/2006 05:28 <DIR> Mozilla
    30/12/2006 03:08 <DIR> OFFICE~1 OfficeUpdate12
    06/01/2007 05:23 <DIR> PCTOOL~1 PC Tools
    12/01/2007 23:03 <DIR> Real
    13/01/2007 09:23 <DIR> Skype
    30/12/2006 07:01 <DIR> Sun
    0 bestand(en) 0 bytes
    15 map(pen) 4.434.968.576 bytes beschikbaar
    Het volume in station C heeft geen naam.
    Het volumenummer is 60A3-0C5D

    Map van C:\Documents and Settings\All Users\Application Data

    17/01/2007 17:15 <DIR> F-Secure
    11/01/2007 06:19 456 HPZINS~1.LOG hpzinstall.log
    23/01/2007 02:30 <DIR> LOGO16~1 Logo 16 Spam Internet
    05/01/2007 22:10 <DIR> MESSEN~1 Messenger Plus!
    09/01/2007 16:21 <DIR> Skype
    23/01/2007 03:10 <DIR> SPYBOT~1 Spybot - Search & Destroy
    23/01/2007 02:22 <DIR> TEMP
    08/01/2007 03:13 <DIR> WINDOW~1 Windows Genuine Advantage
    1 bestand(en) 456 bytes
    7 map(pen) 4.434.968.576 bytes beschikbaar
    ——————————————————–


    Just now it even showed at the boot screen: slave not detected, press F4 to abort. No boot record found on drive. Drive error. After three hard resets (pulling the plug from the socket) I got it working again.

    Can someone please help me out, because I'm afraid it's going from bad to worse. (Hopefully it holds out long enough that I can still get online, lol).

    Thx anyways…

    Wes

This is an archived page. Replying is no longer possible.