log

Status
Niet open voor verdere reacties.
T

tipperary

Gebruiker
Lid geworden
23 nov 2004
Berichten
5
Kan iemand deze controleren?

hijackthis.loghijackthis.logLogfile of HijackThis v1.98.2
Scan saved at 10:54:00, on 23-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger Plus! 3\MsgPlus1.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\gqtcgwi.exe
C:\Program Files\Windows AdTools\WinAdTools.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Windows AdTools\WinRatchet.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\tom\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.huy-search.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.huy-search.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ewlusbiuncmmgohvdq.net/y...EmTMIXUX_S8CLCx0Hvg/Nu4aGGWgc_asB0SfEevH.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gfczqetuikeeytklcek.net/yG4cC2u4sCAzRiiPnWWCzhONxjbNlm3cQ8V0Wo0_FJw.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hetnet.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hetnet.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.huy-search.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.upspiral.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: UpSpiral Toolbar - {4E7BD74F-2B8D-469E-DEFF-ED65A486AA28} - C:\WINDOWS\DOWNLO~1\upspiral.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O2 - BHO: (no name) - {BE598A4F-0773-AE05-B70D-6B6B23487415} - C:\DOCUME~1\fran\APPLIC~1\FLAPWI~1\blehstyle.exe (file missing)
O2 - BHO: (no name) - {E59A7FE9-9AAD-AA5D-E134-708DE79DECD9} - C:\PROGRA~1\FLAPWI~1\blehstyle.exe (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O3 - Toolbar: UpSpiral Toolbar - {4E7BD74F-2B8D-469E-DEFF-ED65A486AA28} - C:\WINDOWS\DOWNLO~1\upspiral.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [1ElseHideFlap] C:\Documents and Settings\All Users\Application Data\Byte Send 1 Else\Roambend.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
O4 - HKLM\..\Run: [nlzfjnhkh] C:\WINDOWS\system32\gqtcgwi.exe
O4 - HKLM\..\Run: [Load dale meet warn] C:\Documents and Settings\All Users\Application Data\Eq Meta Load Dale\Mfcd Bash.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [Mapiinfo] C:\DOCUME~1\LOCALS~1\APPLIC~1\BONEER~1\Hope Jump.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl
O16 - DPF: {00000000-6666-0704-0B53-2C8830E9FAEC} - http://key.one2bill.de/soft/ieloader.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1029_EN_XP.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...057af8588735:8cb784406eab0aba0daecae57a7b4a98
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O19 - User stylesheet: (file missing)
 
Download, update en draai de volgende programma's, het is aangeraden tussen elk programma even opnieuw op te starten.
- Ad Aware SE
>> Zorg ervoor dat je eerst op "Check for Updates" klikt en daarna op "Connect" om de updates binnen te halen. Klik hierna op "Next", en dan op "Full System Scan". Wanneer de scan klaar is, klik je met de rechtermuisknop op de resultaten en kies je daarna voor "Select All Objects" om alles in één keer te selecteren. Klik nu op "Next" om de geselecteerde objecten te verwijderen.

- Spybot S&D
>> Update het door op "Search for Updates" te klikken, en waneer er updates beschikbaar zijn op "Download updates". Klik hierna op "Search & Destroy". Verwijder na de scan ALLEEN de RODE entries (die zijn standaard al aangevinkt).

- CWShredder
>> gebruik de FIX knop (dus NIET de Scan knop). Verwijder alles wat CWShredder vindt.

- CleanUp!
>> Spreekt voor zich, installeren en draaien. Klik op de knop "CleanUp!" om al je tijdelijke mappen te legen.

- Start hierna opnieuw op, maak een nieuw logje aan en post dat hier :)
 
start pagina

Hoe kom ik van dit start pagina af,
(searchweb2.com)
Zijn er meer in mij log te zien,ik wil hetnet als
start pagina.






L HijackThis v1.98.2ogfile of











Scan saved at 20:42:16, on 24-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger Plus! 3\MsgPlus1.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\DitExp.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\tom\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pzvrqrzdbbnmcxzsdvggg.co...zEmTMIXUX_S8CLCx0HvjcR56hnm6NeeasB0SfEevH.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gfczqetuikeeytklcek.net/yG4cC2u4sCAzRiiPnWWCzhONxjbNlm3cQ8V0Wo0_FJw.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hetnet.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hetnet.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.upspiral.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: UpSpiral Toolbar - {4E7BD74F-2B8D-469E-DEFF-ED65A486AA28} - C:\WINDOWS\DOWNLO~1\upspiral.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O2 - BHO: (no name) - {BE598A4F-0773-AE05-B70D-6B6B23487415} - C:\DOCUME~1\fran\APPLIC~1\FLAPWI~1\blehstyle.exe (file missing)
O2 - BHO: (no name) - {E59A7FE9-9AAD-AA5D-E134-708DE79DECD9} - C:\PROGRA~1\FLAPWI~1\blehstyle.exe (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\nl\msntb.dll
O3 - Toolbar: UpSpiral Toolbar - {4E7BD74F-2B8D-469E-DEFF-ED65A486AA28} - C:\WINDOWS\DOWNLO~1\upspiral.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [1ElseHideFlap] C:\Documents and Settings\All Users\Application Data\Byte Send 1 Else\Roambend.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
O4 - HKLM\..\Run: [Load dale meet warn] C:\Documents and Settings\All Users\Application Data\Eq Meta Load Dale\Mfcd Bash.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKCU\..\Run: [Mapiinfo] C:\DOCUME~1\LOCALS~1\APPLIC~1\BONEER~1\Hope Jump.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl
O16 - DPF: {00000000-6666-0704-0B53-2C8830E9FAEC} - http://key.one2bill.de/soft/ieloader.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1029_EN_XP.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O19 - User stylesheet: (file missin
 
Hoi tipperary,

Dat ziet er al stukken beter uit :thumb:

Ga naar Deze Computer, dubbelklik daar op C. Dubbelklik op Program Files. Klik nu op "Bestand" > "Nieuw" > "Map". Noem deze map HJT of HijackThis. Plaats nu de HijackThis.exe in DIE map. Draai in het vervolg HijackThis vanuit DIE map :). Dit in verband met de backups die dit programma maakt ;)

1. Vink onderstaande regels aan in HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pzvrqrzdbbnmcxzsdvggg.co...zEmTMIXUX_S8CLCx0HvjcR56hnm6NeeasB0SfEevH.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gfczqetuikeeytklcek.net/yG4cC2u4sCAzRiiPnWWCzhONxjbNlm3cQ8V0Wo0_FJw.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.upspiral.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html

O2 - BHO: UpSpiral Toolbar - {4E7BD74F-2B8D-469E-DEFF-ED65A486AA28} - C:\WINDOWS\DOWNLO~1\upspiral.dll
O2 - BHO: (no name) - {BE598A4F-0773-AE05-B70D-6B6B23487415} - C:\DOCUME~1\fran\APPLIC~1\FLAPWI~1\blehstyle.exe (file missing)
O2 - BHO: (no name) - {E59A7FE9-9AAD-AA5D-E134-708DE79DECD9} - C:\PROGRA~1\FLAPWI~1\blehstyle.exe (file missing)
O3 - Toolbar: UpSpiral Toolbar - {4E7BD74F-2B8D-469E-DEFF-ED65A486AA28} - C:\WINDOWS\DOWNLO~1\upspiral.dll

O4 - HKLM\..\Run: [1ElseHideFlap] C:\Documents and Settings\All Users\Application Data\Byte Send 1 Else\Roambend.exe
O4 - HKLM\..\Run: [Load dale meet warn] C:\Documents and Settings\All Users\Application Data\Eq Meta Load Dale\Mfcd Bash.exe
O4 - HKCU\..\Run: [Mapiinfo] C:\DOCUME~1\LOCALS~1\APPLIC~1\BONEER~1\Hope Jump.exe

O16 - DPF: {00000000-6666-0704-0B53-2C8830E9FAEC} - http://key.one2bill.de/soft/ieloader.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1029_EN_XP.cab

O19 - User stylesheet: (file missing)
Klik om te vergroten...

2. Sluit alle andere vensters en browsers, en klik op de knop “Fix Checked”.

3. Start opnieuw op in veilige modus.
Zorg ervoor dat verborgen bestanden en mappen zichtbaar zijn: Verkenner > Extra > Mapopties > Tablad Weergave > scroll naar beneden en vink het vakje voor "Verborgen bestanden en mappen weergeven" aan.

4. Ga naar Windows Verkenner (Rechtsklikken op Start - Verkennen). Zoek en verwijder het volgende:
Mappen:
C:\Program Files\Plus18Point
C:\Documents and Settings\LOCALS~1\Application Data\BONEER...
C:\Documents and Settings\All Users\Application Data\Eq Meta Load Dale
C:\Documents and Settings\All Users\Application Data\Byte Send 1 Else
C:\Program Files\FLAPWI...
C:\Documents and Settings\fran\Application Data\FLAPWI...

Bestand:
C:\WINDOWS\Downloaded Program Files\upspiral.dll

5. Start opnieuw op in normale modus, maak een nieuw logje aan met HijackThis, en post dat hier :)
 
Status
Niet open voor verdere reacties.
                    Steun ons                    

Nieuwste berichten

Terug
Bovenaan Onderaan