Helpmij anti-spyware offensive (part 2)

Log from a colleague. I just removed 131 items from it with Ad-aware, another 14 with Spybot, and installed SpywareBlaster.
I still see a lot of junk in there, but I want to wait for the master's verdict first :)

Logfile of HijackThis v1.97.7
Scan saved at 11:24:31, on 28-1-2004
Platform: Windows 95 B (Win9x 4.00.1212)
MSIE: Internet Explorer v5.00 (5.00.2314.1000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\ATI2PLXX.EXE
C:\PROGRAM FILES\COMPAQ\COMPAQ POWER MANAGEMENT\HIBSERV.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\HOTKEY SUPPORT SOFTWARE\HKSS.EXE
C:\PROGRAM FILES\COMPAQ\POWERCON ENHANCEMENTS\CPQACDC.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\PERFECT SERIES\WHEEL MOUSE\W2000\LWB3DAPP.EXE
C:\GEORGES\COMPUTERHULPPROGS DOWNLOADS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jump.altavista.com/avie5/searchpane
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jump.altavista.com/avie5/searchpane
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.altavista.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [Check Dock] c:\windows\options\cabs\cdock.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Support Software\hkss.exe
O4 - HKLM\..\Run: [CPQAcDc] C:\Program Files\Compaq\PowerCon Enhancements\CPQAcDc.Exe
O4 - HKLM\..\Run: [Compaq Computer Security] rundll32.exe C:\PROGRA~1\COMPAQ\SECURI~1\SECURE32.CPL,Service
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\PROGRA~1\PERFEC~1\WHEELM~1\W2000\LWB3DAPP.EXE
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe
O4 - HKLM\..\RunServices: [Hibernation] C:\PROGRA~1\COMPAQ\COMPAQ~2\HIBSERV.EXE
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: MINT Update Applications.lnk = C:\Program Files\MINT\Update.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O11 - Options group: [TOEGANKELIJKHEID] Toegankelijkheid
O13 - WWW. Prefix: http://
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: http://*.FS1SBC
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
I scanned with Ad-aware 6 beforehand. Then I rebooted and ran HijackThis. At startup I get an error message about ctrlpan.dll. After some googling I saw that this is probably spyware. Maybe it is in the log? (and a lot of other stuff that can go)

Thanks in advance!

Logfile of HijackThis v1.97.7
Scan saved at 11:19:30, on 28-1-2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DOCKAPP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HPZTSB03.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\MIJN DOCUMENTEN\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http:///
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.search-2003.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F1 - win.ini: run=fntldr.exe C:\WINDOWS\svcpack.exe
O1 - Hosts: 66.250.171.167 sitefinder.verisign.com
O1 - Hosts: 66.250.171.167 sitefinder-idn.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CPortPatch] C:\WINDOWS\Quick Install\CPPatch.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [BayMgr] DockApp.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
O4 - HKLM\..\Run: [WinAuth] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [Control] rundll32.exe C:\WINDOWS\SYSTEM\ctrlpan.dll,Restore ControlPanel
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKLM\..\Run: [qsqrvvd] rundll32 C:\WINDOWS\SYSTEM\qsqrvvd.dll,Init 1
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [od-teen332] c:\program files\Webdialer\od-teen332.exe -m
O4 - HKCU\..\Run: [od-teen234] c:\program files\Webdialer\od-teen234.exe -m
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKLM\..\RunOnce: [*qsqrvvd] rundll32 C:\WINDOWS\SYSTEM\qsqrvvd.dll,Init 1
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Onderzoekscentrum (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .swf: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin6.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.euro.dell.com/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.luchtfotoservice.nl/ab/plugin/plugin.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37797.5590625
O16 - DPF: {C809C390-A77E-45DD-8C35-379D9431658D} (dialer_iptower.Class1) - http://www.ipxs.nl/php/ipxs.CAB
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://www.x0.nl/install2/dialxs.ocx
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...b.compaq.com/HTML/interactive/2215/model.html
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://66.230.143.209/loader/dploader.cab
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058714nl.exe
O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} - http://webpdp.gator.com/4/download/hdplugin_1015_bundle33v0d12.cab
O19 - User stylesheet: C:\WINDOWS\hh.htt
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)
 
Posted by baardman
Hi Pieter,

By restarting, do you mean the computer or the little Hijack program? It found a lot of things. Mainly all those sex dialers etc. I didn't know all that was on there!

If I now run Ad-aware, Hijack, Spybot and regcleaner regularly, will I stay clean?

Thank you

Restarting refers to the computer.

Tips for prevention: http://home.planet.nl/~kleyn080/Spywareinfonl.html

Regards,

Pieter
 
Posted by margaNo

O4 - Startup: MINT Update Applications.lnk = C:\Program Files\MINT\Update.exe

O11 - Options group: [TOEGANKELIJKHEID] Toegankelijkheid
O13 - WWW. Prefix: http://

O15 - Trusted Zone: http://*.FS1SBC

Hi margaNo,

I think you have fished out the worst of it.

As for that MINT update, you should see whether you can find out what it is.
And that entry in the Trusted Sites is very strange and suspicious.

Regards,

Pieter
 
Posted by Sustulum


R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http:///
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.search-2003.com/

F1 - win.ini: run=fntldr.exe C:\WINDOWS\svcpack.exe
O1 - Hosts: 66.250.171.167 sitefinder.verisign.com
O1 - Hosts: 66.250.171.167 sitefinder-idn.verisign.com

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

O4 - HKLM\..\Run: [WinAuth] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [Control] rundll32.exe C:\WINDOWS\SYSTEM\ctrlpan.dll,Restore ControlPanel
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKLM\..\Run: [qsqrvvd] rundll32 C:\WINDOWS\SYSTEM\qsqrvvd.dll,Init 1
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

O4 - HKCU\..\Run: [od-teen332] c:\program files\Webdialer\od-teen332.exe -m
O4 - HKCU\..\Run: [od-teen234] c:\program files\Webdialer\od-teen234.exe -m

O4 - HKLM\..\RunOnce: [*qsqrvvd] rundll32 C:\WINDOWS\SYSTEM\qsqrvvd.dll,Init 1

O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://www.x0.nl/install2/dialxs.ocx

O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://66.230.143.209/loader/dploader.cab
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058714nl.exe
O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} - http://webpdp.gator.com/4/download/hdplugin_1015_bundle33v0d12.cab
O19 - User stylesheet: C:\WINDOWS\hh.htt
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)

Hi Sustulum,

1. Click "Start" > "Run" (Uitvoeren) > type or cut and paste rundll32 C:\WINDOWS\SYSTEM\qsqrvvd.dll,Uninstall > "OK"

2. Download and run: http://www.merijn.org/files/CWShredder.exe

3. Tick the entries above, close all windows except HijackThis and click Fix checked.

4. Restart the computer and delete:
C:\PROGRAM FILES\MYWAY <= the whole folder
C:\WINDOWS\winlogon.exe <= only the winlogon.exe in this folder, NOT any other.
c:\program files\Webdialer <= the whole folder

Regards,

Pieter
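
Step 3 of the reply above only works if the quoted lines still match what HijackThis shows. As an added example (not part of the original thread and not code from HijackThis), this Python script parses a log in the format posted here and checks a helper's fix list against it; the sample log and fix list are constructed from lines in this thread, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: header, two processes and nine entries copied from the
# Windows ME log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Scan saved at 11:19:30, on 28-1-2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
O1 - Hosts: 66.250.171.167 sitefinder.verisign.com
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WinAuth] C:\WINDOWS\winlogon.exe
O4 - HKCU\..\Run: [od-teen332] c:\program files\Webdialer\od-teen332.exe -m
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058714nl.exe
"""

# Constructed fix list: four lines the helper quoted, plus one line that is in
# the full log but not in SAMPLE_LOG, to show how a mismatch is reported.
FIX_LIST = r"""
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O4 - HKLM\..\Run: [WinAuth] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKCU\..\Run: [od-teen332] c:\program files\Webdialer\od-teen332.exe -m
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058714nl.exe
"""

# "<code> - <body>", where code is R0..R3, F0..F3 or O1..O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
# Per-section body patterns, written for the line shapes seen in this thread.
BODY_PATTERNS = {
    "O1": [re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")],
    "O4": [
        re.compile(r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>[^:]+): "
                   r"\[(?P<name>[^\]]*)\] (?P<command>.*)$"),
        re.compile(r"^(?P<key>(?:Global |User )?Startup): "
                   r"(?P<name>.+?) = (?P<command>.*)$"),
    ],
    "O16": [re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})"
                       r"(?: \((?P<name>.*?)\))? - (?P<url>.*)$")],
}


def _norm(line):
    """Collapse whitespace so copy/paste damage does not break matching."""
    return " ".join(line.split())


def _fields(code, body):
    """Split an entry body into named fields; {} when no pattern applies."""
    for pattern in BODY_PATTERNS.get(code, []):
        match = pattern.match(body)
        if match:
            return {k: v for k, v in match.groupdict().items() if v is not None}
    return {}


def parse_log(text):
    """Return {'header': dict, 'processes': list, 'entries': list of dicts}."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = _norm(raw)
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            code, body = match.group("code"), match.group("body")
            entries.append({"code": code, "body": body, "raw": line,
                            "fields": _fields(code, body)})
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif ": " in line:
            key, value = line.split(": ", 1)
            header[key] = value
        else:
            header.setdefault("banner", []).append(line)
    return {"header": header, "processes": processes, "entries": entries}


def check_fix_list(log_text, fix_text):
    """Match fix-list lines to log entries: (matched by code, missing lines)."""
    by_line = {e["raw"]: e for e in parse_log(log_text)["entries"]}
    matched, missing = defaultdict(list), []
    for raw in fix_text.splitlines():
        line = _norm(raw)
        if not line:
            continue
        entry = by_line.get(line)
        if entry is None:
            missing.append(line)  # log changed since the helper read it
        else:
            matched[entry["code"]].append(entry)
    return dict(matched), missing


if __name__ == "__main__":
    matched, missing = check_fix_list(SAMPLE_LOG, FIX_LIST)
    for code in sorted(matched):
        print(code, [e["fields"] or e["body"] for e in matched[code]])
    print("not found in this log:", missing)
```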
 
Re: last time hijack log tycajoy

Posted by tycajoy
I would like to get rid of unnecessary start-ups.

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\WinAmp Player\Winamp\winampa.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - User Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab

Hi tycajoy,

I have listed the unnecessary startups above. Only the last one is spyware; that one "must" go.

This thread describes two ways to stop MSN Messenger from starting up every time:
http://www.wilderssecurity.com/index.php?board=9;action=display;threadid=20496;start=msg124561#msg124561

XP-Antispy or Phantom's method.
I removed Messenger myself, so I can't give you a translation of the things you need to click.
If I had to guess: Tools > Options > General tab (in Dutch: Extra > Opties > tabblad algemeen).

Regards,

Pieter
 
Posted by Pieter Arntz


Hi margaNo,

I think you have fished out the worst of it.

As for that MINT update, you should see whether you can find out what it is.
And that entry in the Trusted Sites is very strange and suspicious.

Regards,

Pieter

And what about those R1 entries, the altavista ones and msn?
Surely they don't belong there?

So I can have those O11, O13 fixed?

I'll look into MINT; it probably has to do with software on the network, I think.

MINT is a funeral-services program that was in use years ago and is still used as a reference work.
So I'll just leave that entry in place.

That O15 trusted zone: the last 3 letters, SBC, are an abbreviation of our company, so I think that's fine.
 
Hi margaNo,

You can have those altavista links fixed, but it isn't necessary.

You can have O11, O13 and O15 fixed.

Regards,

Pieter
 
Here is the log file; maybe you could take a quick look at it and tell me what can all go. Anything superfluous can go as far as I'm concerned.
If I accidentally did something "wrong" somewhere, please let me know as well.

Thanks in advance for the effort!

Goesje

Oh yes, I scanned with Ad-aware



Logfile of HijackThis v1.97.7
Scan saved at 16:35:41, on 28-1-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\DOCUME~1\Ar\APPLIC~1\apropos.exe
C:\PROGRA~1\Save\Save.exe
C:\PROGRA~1\COMMON~2\Toolbar\comwiz.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\windows\temp\adware\fsg_4104.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WeatherCast\Weather.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\DOCUME~1\Ar\APPLIC~1\apropos.exe" C:\DOCUME~1\Ar\APPLIC~1\apropos.exe /HideUninstIcon /HideDir /UninstallName="Software Apropos" /PC=PLUS
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4104.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WeatherCast] C:\Program Files\WeatherCast\Weather.exe /q
O4 - HKCU\..\RunOnce: [BullguardoptIn] C:\WINDOWS\Temp\BullGuard\bulldownload.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: EZ Firewall.lnk = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\Toolbar\createnote.htm
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\Toolbar\navigate.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Real.com (HKLM)
O11 - Options group: [CommonName] CommonName
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
 
Pieter THX!
MPB.exe is one of those hotkey things, so nothing serious..
 
Logfile of HijackThis v1.97.7
Scan saved at 20:30:26, on 28-1-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\Expoler.exe
C:\Program Files\SpacialAudio\SAM2\broadcaster\SAM2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DATA BECKER\Music Center 5.0\MusicCenter5E.exe
C:\WINDOWS\System32\driver.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WinAce\WinAce.exe
C:\Documents and Settings\Stefan.PAVILION-OUEDAM\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.luister.tk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.new-line.nl/forum
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 213.222.11.11 auto.search.msn.com
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {789c1f5e-f770-43cf-94a1-ac297c6d9b21} - C:\DOCUME~1\STEFAN~1.PAV\APPLIC~1\qudzqwfrt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
O3 - Toolbar: bluoaqvoock - {88ef5248-16fa-47ed-9454-a96fe26711a0} - C:\DOCUME~1\STEFAN~1.PAV\APPLIC~1\qudzqwfrt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [WindowsUpd] C:\WINDOWS\WindowsUpd4.exe
O4 - HKLM\..\Run: [easywww] C:\windows\easywww.exe
O4 - HKLM\..\Run: [redirect] C:\windows\redirect6.exe
O4 - HKLM\..\Run: [checkup] C:\WINDOWS\System32\driver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [od-stnd174] c:\program files\Webdialer\od-stnd174.exe -m
O4 - HKCU\..\Run: [checkup] C:\WINDOWS\System32\driver.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {11111111-1111-1111-1111-119221635118} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.easywww.info/safe/payloadexe.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.nl/data/nl/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37864.2423611111
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{865FD35B-8F6B-4E58-A129-40F8528805F2}: NameServer = 195.121.1.34 195.121.1.66

Log file from an acquaintance of mine, and I think it's full of spyware and dialers.
 
Shutting down takes a very long time

Hello Pieter, here I am again. I try to keep my PC clean, but it is still slow when shutting down. I use Ad-aware of course, but do you perhaps see things that don't belong there??

Logfile of HijackThis v1.97.3
Scan saved at 0:16:16, on 29-1-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Titanium\apvxdwin.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\Documents and Settings\Fred & Nel\Mijn documenten\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Fortis Secure Layer Config] cseinst.exe -o-h
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O9 - Extra button: PipView (HKCU)
O9 - Extra 'Tools' menuitem: PipView (HKCU)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37899.1631597222
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
 
popnav

I am having trouble with popnav.
How do I get rid of it?

Here is a logfile from Hijack for review.
Logfile of HijackThis v1.97.7
Scan saved at 8:54:36, on 29-01-2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINNT\System32\iefeatures.exe
D:\odometer\Odometer.exe
\C316-10\d$\Net Activity Diagram\nad.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Hewlett-Packard\OpenView\Service Desk 4.0\Client\bin\ServiceDesk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Tools\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.graafschapcollege.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.graafschapcollege.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Graafschap College
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.41:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>;http://intra.graafschapcollege.nl;http://servicedesk.graafschapcollege.nl;http://web.graafschapcollege.nl;http://reports.graafschapcollege.nl;http://mis.graafschapcollege.nl;http://qm.graafschapcollege.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=runonce&pver=5.0&O1=internal&plcid=1103
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [MSVersion] C:\WINNT\System32\internetfeatures.exe
O4 - HKLM\..\Run: [iefeatures] C:\WINNT\System32\iefeatures.exe
O4 - HKCU\..\Run: [TClockEx] I:\Tools\TClockEx\TCLOCKEX.EXE
O4 - Startup: Net Activity Diagram.lnk = Net Activity Diagram\nad.exe
O4 - Global Startup: Odometer.lnk = D:\odometer\Odometer.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Onderzoek (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {1EE104B2-B32A-43D2-8DF1-2FD84BD00B14} (WebIntelligence 2.6 Report Editor Control) - http://mis.graafschapcollege.nl/wi/ActiveX/WIPanelXNL.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37938.1680787037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDA7C26-878C-4C4F-918B-477AB95B801A}: Domain = graafschapcollege.nl
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EDA7C26-878C-4C4F-918B-477AB95B801A}: NameServer = 172.17.1.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA10AB15-5587-465F-B2E3-3D1BF5FF7436}: Domain = admin
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA10AB15-5587-465F-B2E3-3D1BF5FF7436}: NameServer = 172.17.1.42
 
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :donderdag 29 januari 2004 9:45:10
Created with Ad-aware Personal, free for private use.
Using reference-file :01R217 08.09.2003
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


29-1-2004 9:45:10 - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 29-1-2004 7:53:06
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 29-1-2004 8:03:35
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 29-1-2004 8:03:36
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services en controllertoepassingen
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Besturingssysteem Microsoft
Created on : 7-9-2001 11:00:00
Last accessed : 28-1-2004 23:00:00
Last modified : 7-9-2001 11:00:00

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 29-1-2004 8:03:36
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 7-9-2001 11:00:00
Last accessed : 28-1-2004 23:00:00
Last modified : 7-9-2001 11:00:00

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 29-1-2004 8:03:38
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 7-9-2001 11:00:00
Last accessed : 28-1-2004 23:00:00
Last modified : 7-9-2001 11:00:00

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 29-1-2004 8:03:39
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 7-9-2001 11:00:00
Last accessed : 28-1-2004 23:00:00
Last modified : 7-9-2001 11:00:00

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 29-1-2004 8:03:41
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 7-9-2001 11:00:00
Last accessed : 28-1-2004 23:00:00
Last modified : 7-9-2001 11:00:00

#:8 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 29-1-2004 8:03:41
BasePriority : Normal
FileSize : 309 KB
FileVersion : 1.0.9.002
ProductVersion : 1.0.9.002
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 7-10-2003 18:41:24
Last accessed : 28-1-2004 23:00:00
Last modified : 24-9-2003 17:37:50

#:9 [nisum.exe]
FilePath : C:\Program Files\Norton Personal Firewall\
ThreadCreationTime : 29-1-2004 8:03:42
BasePriority : Normal
FileSize : 137 KB
FileVersion : 6.02.2003
ProductVersion : 6.02.2003
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security NISUM
InternalName : NISUM
OriginalFilename : NISUM.exe
ProductName : Norton Internet Security
Created on : 25-8-2003 18:56:08
Last accessed : 28-1-2004 23:00:00
Last modified : 3-3-2003 12:06:36

#:10 [ccpxysvc.exe]
FilePath : C:\Program Files\Norton Personal Firewall\
ThreadCreationTime : 29-1-2004 8:03:46
BasePriority : Normal
FileSize : 33 KB
FileVersion : 6.02.2003
ProductVersion : 6.02.2003
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Proxy Service
InternalName : ccPxySvc
OriginalFilename : ccPxySvc.exe
ProductName : Norton Internet Security
Created on : 25-8-2003 18:56:07
Last accessed : 28-1-2004 23:00:00
Last modified : 3-3-2003 12:05:18

#:11 [crypserv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 29-1-2004 8:03:46
BasePriority : High
FileSize : 51 KB
FileVersion : 5.4.0
ProductVersion : 5.4
Copyright : Copyright
CompanyName : Kenonic Controls Ltd.
FileDescription : CrypKey NT Service
InternalName : crypserv
OriginalFilename : crypserv.exe
ProductName : CrypKey Software Licensing System
Created on : 23-12-2003 19:06:52
Last accessed : 28-1-2004 23:00:00
Last modified : 29-6-2000 8:45:10

#:12 [dcfssvc.exe]
FilePath : C:\WINDOWS\system32\drivers\
ThreadCreationTime : 29-1-2004 8:03:46
BasePriority : Normal
FileSize : 184 KB
FileVersion : 1.1.4400.0
ProductVersion : 3.2.0400.0
Copyright : Copyright (C) Eastman Kodak Co. 2000-2002
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
OriginalFilename : DcFsSvc.exe
ProductName : Kodak DC File System Driver (Win32)
Created on : 28-2-2002 12:35:06
Last accessed : 28-1-2004 23:00:00
Last modified : 28-2-2002 12:35:06

#:13 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ThreadCreationTime : 29-1-2004 8:03:46
BasePriority : Normal
FileSize : 264 KB
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
Copyright : Copyright (C) Microsoft Corp. 1997-2000
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
OriginalFilename : mdm.exe
ProductName : Microsoft Development Environment
Created on : 23-2-2001 9:07:30
Last accessed : 28-1-2004 23:00:00
Last modified : 23-2-2001 9:07:30

#:14 [navapsvc.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton AntiVirus\
ThreadCreationTime : 29-1-2004 8:03:47
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 4-7-2003 0:54:22
Last accessed : 28-1-2004 23:00:00
Last modified : 14-11-2002 18:41:26

#:15 [nprotect.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Utilities\
ThreadCreationTime : 29-1-2004 8:03:48
BasePriority : Normal
FileSize : 132 KB
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
Copyright : Copyright (C) 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
OriginalFilename : NPROTECT.EXE
ProductName : Norton Utilities
Created on : 3-7-2003 17:48:52
Last accessed : 28-1-2004 23:00:00
Last modified : 14-8-2002 5:03:00

#:16 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 29-1-2004 8:03:49
BasePriority : Normal
FileSize : 981 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
CompanyName : Microsoft Corporation
FileDescription : Windows Verkenner
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Besturingssysteem Microsoft
Created on : 7-9-2001 11:00:00
Last accessed : 28-1-2004 23:00:00
Last modified : 7-9-2001 11:00:00

#:17 [tcpsvcs.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 29-1-2004 8:03:53
BasePriority : Normal
FileSize : 19 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : TCP/IP Services Application
InternalName : TCPSVCS.EXE
OriginalFilename : TCPSVCS.EXE
ProductName : Microsoft
Created on : 7-9-2001 11:00:00
Last accessed : 28-1-2004 23:00:00
Last modified : 7-9-2001 11:00:00

#:18 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~1\SPEEDD~1\
ThreadCreationTime : 29-1-2004 8:03:54
BasePriority : Normal
FileSize : 168 KB
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
Copyright : Copyright (C) 2002
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
OriginalFilename : NOPDB.dll
ProductName : Norton Speed Disk
Created on : 3-7-2003 17:51:00
Last accessed : 28-1-2004 23:00:00
Last modified : 14-8-2002 5:00:00

#:19 [htpatch.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 29-1-2004 8:03:57
BasePriority : Normal
FileSize : 28 KB
Created on : 3-7-2003 0:46:44
Last accessed : 28-1-2004 23:00:00
Last modified : 30-10-2002 10:40:34

#:20 [hpztsb08.exe]
FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
ThreadCreationTime : 29-1-2004 8:03:59
BasePriority : Normal
FileSize : 168 KB
FileVersion : 2,224,2,0
ProductVersion : 2,224,2,0
Copyright : Copyright (c) Hewlett-Packard Company 1999-2003
CompanyName : HP
ProductName : HP DeskJet
Created on : 4-9-2003 19:45:54
Last accessed : 28-1-2004 23:00:00
Last modified : 26-3-2003 8:19:12

#:21 [hpwuschd.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Software Update\
ThreadCreationTime : 29-1-2004 8:03:59
BasePriority : Normal
FileSize : 48 KB
Created on : 17-12-2002 10:40:22
Last accessed : 28-1-2004 23:00:00
Last modified : 17-12-2002 10:40:22

#:22 [hpotdd01.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ThreadCreationTime : 29-1-2004 8:03:59
BasePriority : Normal
FileSize : 40 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
OriginalFilename : hpotdd01.exe
ProductName : Hewlett-Packard hpotdd01
Created on : 2-12-2002 19:56:10
Last accessed : 28-1-2004 23:00:00
Last modified : 2-12-2002 19:56:10

#:23 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 29-1-2004 8:04:00
BasePriority : Normal
FileSize : 53 KB
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 20-12-2003 9:44:36
Last accessed : 28-1-2004 23:00:00
Last modified : 2-12-2003 15:11:04

#:24 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 29-1-2004 8:04:01
BasePriority : Normal
FileSize : 31 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Een DLL-bestand als toepassing starten
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Besturingssysteem Microsoft
Created on : 7-9-2001 11:00:00
Last accessed : 28-1-2004 23:00:00
Last modified : 7-9-2001 11:00:00

#:25 [lwbwheel.exe]
FilePath : C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\
ThreadCreationTime : 29-1-2004 8:04:01
BasePriority : Normal
FileSize : 419 KB
FileVersion : 9.0.2.0
ProductVersion : 9.0.0.0
Copyright : Copyright 2000 By LEE,WEI-BIN.
FileDescription : Mouse Control Application
Created on : 25-12-2003 13:08:04
Last accessed : 28-1-2004 23:00:00
Last modified : 20-4-2001 11:42:18

#:26 [key_e.exe]
FilePath : D:\progs\toetsenbord\KMaestro\
ThreadCreationTime : 29-1-2004 8:04:01
BasePriority : Normal
FileSize : 108 KB
Created on : 4-7-2003 13:36:01
Last accessed : 28-1-2004 23:00:00
Last modified : 4-1-2002 12:15:48

#:27 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 29-1-2004 8:04:02
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 7-9-2001 11:00:00
Last accessed : 28-1-2004 23:00:00
Last modified : 7-9-2001 11:00:00

#:28 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 29-1-2004 8:04:02
BasePriority : Normal
FileSize : 4568 KB
FileVersion : 6.1.0207
ProductVersion : Version 6.1
Copyright : Copyright (c) Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 18-12-2003 7:02:22
Last accessed : 28-1-2004 23:00:00
Last modified : 18-12-2003 7:02:22

#:29 [easyshare.exe]
FilePath : C:\Program Files\KODAK\Kodak EasyShare software\bin\
ThreadCreationTime : 29-1-2004 8:04:03
BasePriority : Normal
FileSize : 292 KB
FileVersion : 2, 0, 4, 57
ProductVersion : 2, 1, 0, 55
Copyright : Copyright
CompanyName : Eastman Kodak Company
FileDescription : Kodak EasyShare software
InternalName : EasyShare
OriginalFilename : EasyShare.exe
ProductName : Kodak EasyShare software
Created on : 16-9-2002 14:42:06
Last accessed : 28-1-2004 23:00:00
Last modified : 16-9-2002 14:42:06

#:30 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 29-1-2004 8:04:21
BasePriority : Normal
FileSize : 1456 KB
FileVersion : 4.7.2009
ProductVersion : Version 4.7
Copyright : Copyright (c) Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 14-4-2003 18:30:14
Last accessed : 28-1-2004 23:00:00
Last modified : 14-4-2003 18:30:14

#:31 [wts_key.exe]
FilePath : D:\progs\toetsenbord\KMaestro\
ThreadCreationTime : 29-1-2004 8:04:21
BasePriority : Normal
FileSize : 24 KB
Created on : 4-7-2003 13:36:01
Last accessed : 28-1-2004 23:00:00
Last modified : 15-11-2001 9:09:28

#:32 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 29-1-2004 8:05:10
BasePriority : Normal
FileSize : 147 KB
FileVersion : 5.4.3790.17 built by: lab04_n
ProductVersion : 5.4.3790.17
CompanyName : Microsoft Corporation
FileDescription : AutoUpdate-client voor Windows Update
InternalName : wuauclt.exe
OriginalFilename : wuauclt.exe
ProductName : Besturingssysteem Microsoft
Created on : 23-9-2003 20:43:28
Last accessed : 28-1-2004 23:00:00
Last modified : 9-10-2003 14:27:30

#:33 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 29-1-2004 8:05:43
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Besturingssysteem Microsoft
Created on : 3-7-2003 0:17:29
Last accessed : 28-1-2004 23:00:00
Last modified : 7-9-2001 13:00:00

#:34 [msimn.exe]
FilePath : C:\Program Files\Outlook Express\
ThreadCreationTime : 29-1-2004 8:05:50
BasePriority : Normal
FileSize : 55 KB
FileVersion : 6.00.2800.1123
ProductVersion : 6.00.2800.1123
CompanyName : Microsoft Corporation
FileDescription : Outlook Express
InternalName : MSIMN
OriginalFilename : MSIMN.EXE
ProductName : Besturingssysteem Microsoft
Created on : 23-10-2002 15:55:18
Last accessed : 28-1-2004 23:00:00
Last modified : 23-10-2002 15:55:18

#:35 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 29-1-2004 8:44:51
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 29-1-2004 8:44:18
Last accessed : 28-1-2004 23:00:00
Last modified : 12-7-2003 21:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

istbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{018b7ec3-eeca-11d3-8e71-0000e82c6c0d}


TinTel dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{A51DEDCD-20F7-11D4-98A5-00C0CA130748}


AdBlaster Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{A76066C9-941B-4209-9D96-0AC80501100D}


AdBlaster Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{EB6D8BAA-704A-415B-BC0A-3468BFAE924E}


AdBlaster Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : IExplorr11.clsDW


AdBlaster Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : IExplorr11.clsIS


AdBlaster Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : IExplorr22.clsDW


AdBlaster Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : IExplorr22.clsIS


AdBlaster Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{0B60CEF5-2431-4F92-82CF-03FEE5BDC762}


AdBlaster Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{7FB04DE1-4340-4002-9D9E-3B6913AE6953}


istbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : ISTactivex.Installer


istbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : ISTactivex.Installer.1


istbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\IST


Alexa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}


My-Way Speedbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\MyWay


AdBlaster Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{B224AFF4-0561-4B35-A91A-6F339152A482}


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 16
Objects found so far: 16


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

TinTel dialer Object recognized!
Type : RegKey
Data : c:\windows\downloaded program files\tcw.exe
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{A51DEDC0-20F7-11D4-98A5-00C0CA130748}


TinTel dialer Object recognized!
Type : File
Data : tcw.exe
Object : c:\windows\downloaded program files\
FileSize : 360 KB
FileVersion : 3, 0, 0, 97
ProductVersion : 3, 0, 0, 97
Copyright : Copyright 2000
CompanyName : TinTel B.V.
FileDescription : Tcw Module
InternalName : Tcw
OriginalFilename : Tcw.exe
ProductName : Tcw Module
Created on : 14-1-2003 15:04:08
Last accessed : 28-1-2004 23:00:00
Last modified : 14-1-2003 15:04:08



TinTel dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/Tcw.exe


TinTel dialer Object recognized!
Type : RegValue
Data : c:\windows\downloaded program files\tcw.exe
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\Downloaded Program Files\Tcw.exe


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 3
Objects found so far: 20


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : rob@bluestreak[1].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 1-10-2003 8:54:04
Last accessed : 28-1-2004 23:00:00
Last modified : 1-10-2003 8:54:06



Tracking Cookie Object recognized!
Type : File
Data : rob@bravenet[2].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 22-9-2003 8:29:31
Last accessed : 28-1-2004 23:00:00
Last modified : 24-10-2003 21:02:56



Tracking Cookie Object recognized!
Type : File
Data : rob@ads.specificpop[1].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 5-10-2003 18:26:33
Last accessed : 28-1-2004 23:00:00
Last modified : 5-10-2003 18:26:34



Tracking Cookie Object recognized!
Type : File
Data : rob@web4.realtracker[1].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 7-10-2003 19:10:06
Last accessed : 28-1-2004 23:00:00
Last modified : 7-10-2003 19:10:08



Tracking Cookie Object recognized!
Type : File
Data : rob@as1.falkag[2].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 19-10-2003 9:05:54
Last accessed : 28-1-2004 23:00:00
Last modified : 19-10-2003 9:07:12



Tracking Cookie Object recognized!
Type : File
Data : rob@paycounter[2].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 15-10-2003 7:38:43
Last accessed : 28-1-2004 23:00:00
Last modified : 15-10-2003 7:38:44



Tracking Cookie Object recognized!
Type : File
Data : rob@server.iad.liveperson[2].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 22-10-2003 19:50:06
Last accessed : 28-1-2004 23:00:00
Last modified : 22-10-2003 19:50:08



Tracking Cookie Object recognized!
Type : File
Data : rob@stat.onestat[2].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 22-10-2003 19:57:16
Last accessed : 28-1-2004 23:00:00
Last modified : 22-10-2003 19:57:18



Tracking Cookie Object recognized!
Type : File
Data : rob@z1.adserver[1].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 26-10-2003 9:32:01
Last accessed : 28-1-2004 23:00:00
Last modified : 26-10-2003 9:32:18



Tracking Cookie Object recognized!
Type : File
Data : rob@bluestreak[3].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 27-10-2003 11:24:45
Last accessed : 28-1-2004 23:00:00
Last modified : 27-10-2003 11:24:46



Tracking Cookie Object recognized!
Type : File
Data : rob@ads.specificpop[3].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 27-10-2003 8:40:45
Last accessed : 28-1-2004 23:00:00
Last modified : 27-10-2003 8:40:46



Tracking Cookie Object recognized!
Type : File
Data : rob@tradedoubler[1].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 30-11-2003 16:04:05
Last accessed : 28-1-2004 23:00:00
Last modified : 30-11-2003 16:04:06



Tracking Cookie Object recognized!
Type : File
Data : rob@sb1.realtrackerbe[1].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 13-11-2003 18:52:14
Last accessed : 28-1-2004 23:00:00
Last modified : 13-11-2003 18:52:16



Tracking Cookie Object recognized!
Type : File
Data : rob@www.bravenet[1].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 31-12-2003 16:34:25
Last accessed : 28-1-2004 23:00:00
Last modified : 31-12-2003 16:34:26



Tracking Cookie Object recognized!
Type : File
Data : rob@bravenet[3].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 31-12-2003 16:35:26
Last accessed : 28-1-2004 23:00:00
Last modified : 20-1-2004 19:01:38



Tracking Cookie Object recognized!
Type : File
Data : rob@spylog[1].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 24-11-2003 9:09:44
Last accessed : 28-1-2004 23:00:00
Last modified : 24-11-2003 9:10:38



Tracking Cookie Object recognized!
Type : File
Data : rob@zedo[1].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 7-12-2003 9:50:45
Last accessed : 28-1-2004 23:00:00
Last modified : 7-12-2003 9:50:46



Other Object recognized!
Type : File
Data : rob@cgi-bin[3].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 26-1-2004 18:12:52
Last accessed : 28-1-2004 23:00:00
Last modified : 26-1-2004 18:12:54



Tracking Cookie Object recognized!
Type : File
Data : rob@www.slotch[2].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 8-1-2004 7:39:54
Last accessed : 28-1-2004 23:00:00
Last modified : 11-1-2004 8:52:52



Tracking Cookie Object recognized!
Type : File
Data : rob@as1.falkag[3].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 18-1-2004 8:44:31
Last accessed : 28-1-2004 23:00:00
Last modified : 18-1-2004 8:44:32



Tracking Cookie Object recognized!
Type : File
Data : rob@paycounter[3].txt
Object : C:\Documents and Settings\Rob\Cookies\

Created on : 25-1-2004 9:57:18
Last accessed : 28-1-2004 23:00:00
Last modified : 25-1-2004 9:57:20



Tracking Cookie Object recognized!
Type : File
Data : rob@stat.onestat[3].txt
Object : C:\Documents and Settings\Rob\Cookies\
FileSize : 1 KB
Created on : 26-1-2004 18:48:46
Last accessed : 28-1-2004 23:00:00
Last modified : 26-1-2004 18:48:48


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

istbar Object recognized!
Type : File
Data : istactivex.dll
Object : c:\windows\downloaded program files\
FileSize : 15 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2003
FileDescription : ISTactivex Module
InternalName : ISTactivex
OriginalFilename : ISTactivex.DLL
ProductName : ISTactivex Module
Created on : 25-11-2003 15:57:16
Last accessed : 28-1-2004 23:00:00
Last modified : 25-11-2003 15:57:16



istbar Object recognized!
Type : File
Data : istactivex.inf
Object : c:\windows\downloaded program files\

Created on : 7-5-2003 21:14:46
Last accessed : 28-1-2004 23:00:00
Last modified : 7-5-2003 21:14:46



TinTel dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : .tct


TinTel dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : .tcw


TinTel dialer Object recognized!
Type : File
Data : tintel.inf
Object : c:\windows\downloaded program files\

Created on : 25-7-2002 17:02:54
Last accessed : 28-1-2004 23:00:00
Last modified : 25-7-2002 17:02:54



My-Way Speedbar Object recognized!
Type : Folder
Object : c:\program files\MyWay


My-Way Speedbar Object recognized!
Type : Folder
Object : c:\program files\myway\myBar


My-Way Speedbar Object recognized!
Type : File
Data : my2ns.exe
Object : c:\program files\myway\mybar\1.bin\
FileSize : 24 KB
Created on : 26-11-2003 21:58:02
Last accessed : 28-1-2004 23:00:00
Last modified : 26-11-2003 21:58:04



My-Way Speedbar Object recognized!
Type : File
Data : mybar.dll
Object : c:\program files\myway\mybar\1.bin\
FileSize : 180 KB
FileVersion : 1, 0, 4, 0
ProductVersion : 1, 0, 4, 0
Copyright : Copyright
CompanyName : My Way
FileDescription : My Way Speedbar
InternalName : myBar
OriginalFilename : myBar.DLL
ProductName : My Way Speedbar for Internet Explorer and Netscape
Created on : 26-11-2003 21:58:03
Last accessed : 28-1-2004 23:00:00
Last modified : 26-11-2003 21:58:06



My-Way Speedbar Object recognized!
Type : File
Data : mylogo.gif
Object : c:\program files\myway\mybar\1.bin\
FileSize : 5 KB
Created on : 26-11-2003 21:58:05
Last accessed : 28-1-2004 23:00:00
Last modified : 26-11-2003 21:58:06



My-Way Speedbar Object recognized!
Type : File
Data : myuninst.hta
Object : c:\program files\myway\mybar\1.bin\
FileSize : 10 KB
Created on : 26-11-2003 21:58:06
Last accessed : 28-1-2004 23:00:00
Last modified : 26-11-2003 21:58:08



My-Way Speedbar Object recognized!
Type : File
Data : myunsetp.hta
Object : c:\program files\myway\mybar\1.bin\
FileSize : 2 KB
Created on : 26-11-2003 21:58:06
Last accessed : 28-1-2004 23:00:00
Last modified : 26-11-2003 21:58:08



My-Way Speedbar Object recognized!
Type : File
Data : partner.dat
Object : c:\program files\myway\mybar\1.bin\

Created on : 26-11-2003 21:58:07
Last accessed : 28-1-2004 23:00:00
Last modified : 26-11-2003 21:58:08



My-Way Speedbar Object recognized!
Type : File
Data : uninstall.inf
Object : c:\program files\myway\mybar\1.bin\
FileSize : 1 KB
Created on : 26-11-2003 21:58:07
Last accessed : 28-1-2004 23:00:00
Last modified : 26-11-2003 21:58:08



Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 14
Objects found so far: 56


9:47:44 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:02:33:270
Objects scanned :39545
Objects identified :56
Objects ignored :0
New objects :56
 
Hi, if anyone has time to take a look. I have installed and removed some programs lately. Sometimes I have the impression that the internet is slow for a moment and busy with something else. Maybe it's nothing, but I'd rather have it looked at anyway.
Scanned with S&D and Ad-aware. I did already remove the startup entry of office 1.1 yesterday.


Which one is this?:
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
I found this, so it can go?

System Tray icon used to change display settings for nVidia based graphics cards. Unnecessary since you can easily configure these settings the way you want them in the Display Properties.




Logfile of HijackThis v1.97.7
Scan saved at 10:26:57, on 29/01/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\WINIPCFG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MSI\PC ALERT 4\PCALERT4.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ALCATEL\ENTERNET 300\APP\ENTERNET.EXE
C:\WINDOWS\TEMP\ARC6235\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.pi.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Regards and thanks
 
Posted by headout


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

O1 - Hosts: 213.222.11.11 auto.search.msn.com

O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)

O2 - BHO: (no name) - {789c1f5e-f770-43cf-94a1-ac297c6d9b21} - C:\DOCUME~1\STEFAN~1.PAV\APPLIC~1\qudzqwfrt.dll

O3 - Toolbar: bluoaqvoock - {88ef5248-16fa-47ed-9454-a96fe26711a0} - C:\DOCUME~1\STEFAN~1.PAV\APPLIC~1\qudzqwfrt.dll

O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [WindowsUpd] C:\WINDOWS\WindowsUpd4.exe
O4 - HKLM\..\Run: [easywww] C:\windows\easywww.exe
O4 - HKLM\..\Run: [redirect] C:\windows\redirect6.exe
O4 - HKLM\..\Run: [checkup] C:\WINDOWS\System32\driver.exe

O4 - HKCU\..\Run: [od-stnd174] c:\program files\Webdialer\od-stnd174.exe -m
O4 - HKCU\..\Run: [checkup] C:\WINDOWS\System32\driver.exe

O16 - DPF: {11111111-1111-1111-1111-119221635118} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.easywww.info/safe/payloadexe.exe

O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx

First unzip hijackthis.exe to a separate folder. The program makes backups in the folder where the .exe is located. In a Temp folder those disappear rather easily.

Check the entries above, close all windows except HijackThis and click Fix checked.

Then reboot and delete:
C:\Program Files\Power Scan <= the whole folder
C:\WINDOWS\WindowsUpd4.exe
C:\windows\easywww.exe
C:\windows\redirect6.exe
c:\program files\Webdialer <= the whole folder

And would you send this one to me:
C:\WINDOWS\System32\driver.exe

Regards,

Pieter
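
An added example, not part of Pieter's post or of HijackThis itself: a small Python parser for the v1.97.7 log layout shown in this thread. It reports whether HijackThis was started from a Temp folder (the situation the advice above warns about, since the backups would land there) and splits O4 registry autostart lines into hive, key, value name and command. The function names are hypothetical and the embedded sample log is constructed from lines that appear in this thread.

```python
import re

# Constructed sample, assembled from log lines that appear in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Scan saved at 10:26:57, on 29/01/2004

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TEMP\ARC6235\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [checkup] C:\WINDOWS\System32\driver.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")          # e.g. "O4 - ..."
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$")

def parse_log(text):
    """Split a log into the running-process list and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:      # blank line ends the process list
            in_procs = False
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return processes, entries

def hijackthis_in_temp(processes):
    """Return the HijackThis path if it ran from a Temp folder, else None."""
    for path in processes:
        parts = path.upper().split("\\")
        if parts[-1] == "HIJACKTHIS.EXE" and {"TEMP", "TMP"} & set(parts[:-1]):
            return path
    return None

def autostarts(entries):
    """Break O4 registry Run entries into hive, key, value name and command."""
    out = []
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            out.append(dict(zip(("hive", "key", "name", "command"), m.groups())))
    return out
```

O4 lines of the form `Startup: name.lnk = target` are not registry values and are deliberately left out of `autostarts`.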
 
Re: Shutting down takes a very long time

Posted by melaniem
Hello Pieter, here I am again. I try to keep my PC clean, but it is still slow when shutting down. I use Ad-aware of course, but do you perhaps see things that don't belong there??

Not really, but try it with a newer version of HijackThis.

Regards,

Pieter
 