Spyware komt terug met opstarten PC

Spyware, Adaware, Spybot S&D, Ad-Aware, Spyblaster, HijackThis en meer.

Moderator: MandersOnline

Plaats reactie
steve
Beginner
Beginner
Berichten: 16
Lid geworden op: do 30 dec 2004, 0:45

Spyware komt terug met opstarten PC

Bericht door steve »

Hallo Pieter ik zit met de volgende probleem als ik spybot laat lopen of adware kom ik de volgende spyware tegen
BDE Projector: Program directory (Directory, nothing done)
C:\WINDOWS\BDE\

AbetterInternet: Data (File, nothing done)
C:\WINDOWS\inf\farmmext.inf

CallingHome.biz: <$DIR_TEMP> (Directory, nothing done)
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\..\Temp\THI2824.tmp

CallingHome.biz: <$DIR_TEMP> (Directory, nothing done)
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\..\Temp\THI1A8D.tmp

CallingHome.biz: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-59D4-4008-9058-080011001200}

CallingHome.biz: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{00000000-59D4-4008-9058-080011001200}

CallingHome.biz: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\DLMaxDll.DLMaxDllObj.1

CallingHome.biz: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\DLMaxDll.DLMaxDllObj

CallingHome.biz: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2424629274-2564294346-1321446302-1003\Software\DLMax


--- Spybot - Search && Destroy version: 1.3 ---
2005-03-03 Includes\Cookies.sbi
2005-03-16 Includes\Dialer.sbi
2005-03-17 Includes\Hijackers.sbi
2005-03-17 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-03-16 Includes\Malware.sbi
2005-03-17 Includes\PUPS.sbi
2005-03-17 Includes\Revision.sbi
2005-02-09 Includes\Security.sbi
2005-03-17 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-03-16 Includes\Trojans.sbi
Die doe ik ook verwijderen maar telkens ik mijn pc opnieuw opstart zitten ze er weer in !!
Wat kan er tegen doen :?:
ik heb meteen ook een logfile gemaakt
Logfile of HijackThis v1.99.0
Scan saved at 12:20:41, on 23/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ktajqcvc.exe
C:\Documents and Settings\Eigenaar\Bureaublad\Downloads\programma\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\Windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\hp\drivers\keyboard\PS2.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [wwoiccsq] C:\WINDOWS\System32\ktajqcvc.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: Exporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{392B294F-1776-406A-98A3-1A794F474773}: NameServer = 195.238.2.22 195.238.2.21
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
aub kun je me helpen
m.v.d Steve
Omhoog
MandersOnline
Manders Online
Manders Online
Berichten: 23687
Lid geworden op: zo 03 aug 2003, 1:12
Locatie: Amsterdam
Contacteer:
Contacteer MandersOnline

Bericht door MandersOnline »

Logfile of HijackThis v1.99.0
Scan saved at 12:20:41, on 23/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

O4 - HKLM\..\Run: [wwoiccsq] C:\WINDOWS\System32\ktajqcvc.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
Bezoek ook gerust de website https://mandersonline.nl
Omhoog
steve
Beginner
Beginner
Berichten: 16
Lid geworden op: do 30 dec 2004, 0:45

Bericht door steve »

Heel erg bedankt Pieter alles is clean nu dank ze u weer :lol:
Thanks :!: :!: :!:
Omhoog
MandersOnline
Manders Online
Manders Online
Berichten: 23687
Lid geworden op: zo 03 aug 2003, 1:12
Locatie: Amsterdam
Contacteer:
Contacteer MandersOnline

Bericht door MandersOnline »

Ja graag gedaan hoor, volgende keer misschien eerst een log laten aanmaken en daarna scannen werkt vaak iets beter, dan komt het niet steeds terug bij opstarten.
Bezoek ook gerust de website https://mandersonline.nl
Omhoog
Plaats reactie

Terug naar “Spyware en Adaware bestrijding”