Trouble with lots of pop-ups and a changing start page

  • Piedro

    Like so many others, I too am suffering from a great many pop-ups and a changing start page, and now and then virus alerts (trojans), usually naming cashmatch.exe in the temporary files folder as the infected file.

    Actions taken so far:

    Scanned with Ad-Aware; it always hangs after a few minutes of scanning

    Scanned with Search & Destroy; about 60 problems fixed

    Scanned with CWShredder; it also fixed a number

    Made a scan with HijackThis and posted the log below

    Who can help me further?

    Regards, Piedro

    Logfile of HijackThis v1.99.1

    Scan saved at 12:07:08, on 16-10-2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\drivers\KodakCCS.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\Program Files\Microsoft SQL Server\MSSQL$KBPC\Binn\sqlservr.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe

    C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe

    C:\WINDOWS\Dit.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    C:\WINDOWS\DitExp.exe

    C:\Program Files\Messenger Plus! 3\MsgPlus1.exe

    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

    C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

    C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE

    C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe

    C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

    c:\progra~1\intern~1\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe

    C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\calcheck.exe

    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\Documents and Settings\Pieter\Mijn documenten\Mijn ontvangen bestanden\Hijackthis\hijackthis.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lrwnvqgjloxqznden.info/GKnvVVipcsVnHs9p/Z3aGu9SaI8vd8S9iwKkibHBv5gGVY48epIcd72KkStpdyD0.html

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: (no name) - {9DA19A46-400D-E36D-E161-311C32420449} - C:\DOCUME~1\Kees\APPLIC~1\UPLOAD~1\Cash Math.exe (file missing)

    O2 - BHO: (no name) - {C6626FE0-DDD3-E735-B758-2AFAF6979C85} - C:\DOCUME~1\Kees\APPLIC~1\UPLOAD~1\Cash Math.exe (file missing)

    O4 - HKLM\..\Run: C:\WINDOWS\System32\\NeroCheck.exe

    O4 - HKLM\..\Run: Dit.exe

    O4 - HKLM\..\Run: RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    O4 - HKLM\..\Run: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKLM\..\Run: "C:\Program Files\Messenger Plus! 3\MsgPlus1.exe"

    O4 - HKLM\..\Run: C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

    O4 - HKLM\..\Run: C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

    O4 - HKLM\..\Run: "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY

    O4 - HKLM\..\Run: "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"

    O4 - HKLM\..\Run: C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE /partner SS1

    O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\dvd send pop third\CopyPeak.exe

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: C:\DOCUME~1\Pieter\APPLIC~1\64DRAW~1\Obj army.exe

    O4 - HKCU\..\Run: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - Startup: PowerReg Scheduler.exe

    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe

    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O4 - Global Startup: Servicebeheer.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe

    O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\calcheck.exe

    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe

    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe

    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe

    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

  • LynX

    Have you actually ticked this under your pop-up blocker?

    Which anti-virus program are you actually using?

  • Piedro

    Yes, I definitely have that ticked, and sometimes sites get "automatically" added to the list of allowed websites; things also get added to my favourites.

    I use Trend Micro PC-cillin Internet Security

  • Avondsmurf

    Just follow all the steps under the red link above, then the experts can see what is wrong with your computer... Smurfie :)

  • Piedro

    I did do that, didn't I (see first post), or have I forgotten something?

  • Avondsmurf

    After you have uninstalled MSN Plus... :)

    Later you may install it again, but then without the sponsors... :D

  • Piedro

    OK, I'll give it a try

  • Piedro

    I have uninstalled Messenger Plus (I think I had indeed installed it with the sponsor (very stupid), and later updates without, but that probably could not help any more), and run all the scans mentioned again.

    Logfile of HijackThis v1.99.1

    Scan saved at 14:17:19, on 16-10-2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\drivers\KodakCCS.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\Program Files\Microsoft SQL Server\MSSQL$KBPC\Binn\sqlservr.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe

    C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe

    C:\WINDOWS\Dit.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

    C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

    C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE

    C:\WINDOWS\DitExp.exe

    C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

    C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe

    C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\calcheck.exe

    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

    C:\Documents and Settings\Pieter\Mijn documenten\Mijn ontvangen bestanden\Hijackthis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xuppitounsypsz.info/GKnvVVipcsVnHs9p/Z3aGu9SaI8vd8S9iwKkibHBv5gJf4OFpyR7Kr2KkStpdyD0.asp

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.nl/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: (no name) - {9DA19A46-400D-E36D-E161-311C32420449} - C:\DOCUME~1\Kees\APPLIC~1\UPLOAD~1\Cash Math.exe (file missing)

    O2 - BHO: (no name) - {C6626FE0-DDD3-E735-B758-2AFAF6979C85} - C:\DOCUME~1\Kees\APPLIC~1\UPLOAD~1\Cash Math.exe (file missing)

    O4 - HKLM\..\Run: C:\WINDOWS\System32\\NeroCheck.exe

    O4 - HKLM\..\Run: Dit.exe

    O4 - HKLM\..\Run: RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    O4 - HKLM\..\Run: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKLM\..\Run: C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

    O4 - HKLM\..\Run: C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

    O4 - HKLM\..\Run: "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY

    O4 - HKLM\..\Run: "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"

    O4 - HKLM\..\Run: C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE /partner SS1

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - Startup: PowerReg Scheduler.exe

    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe

    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O4 - Global Startup: Servicebeheer.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe

    O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\calcheck.exe

    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe

    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe

    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe

    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

  • lucas

    Tip: never download updates with Plus. Then you get the junk in again.

    Better to uninstall and install the new version ;)

    Lucas :)