Helpmij tegen spyware offensief (deel 3)
- Onderwerp starter Eagle Creek
- Startdatum
- Status
P@sbeer
Terugkerende gebruiker
- Lid geworden
- 25 nov 2001
- Berichten
- 2.465
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\IP Insight\ARMon32a.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE
D:\Program Files\InCD.exe
C:\WINDOWS\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\180Solutions\msbb.exe
C:\Program Files\Bargain Buddy\bin\bargains.exe
C:\WINDOWS\System32\hbmmmpip.exe
C:\WINDOWS\FVProtect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PrecisionTime\PrecisionTime.exe
C:\Program Files\Date Manager\DateManager.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\msipcsv.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\WINZIP\winzip32.exe
D:\downprogjes\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/
O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin\apuc.dll
O2 - BHO: (no name) - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} - C:\WINDOWS\System32\amcis2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: Win32 Classes -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.planet.nl/exent/classes/ExentCtl.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} - http://216.133.83.162/downloads/UGO20.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{04BE84FF-3E22-48D1-96FC-366E8F9619AF}: NameServer = 195.121.1.34 195.121.1.66
O17 - HKLM\System\CS1\Services\Tcpip\..\{04BE84FF-3E22-48D1-96FC-366E8F9619AF}: NameServer = 195.121.1.34 195.121.1.66
Jongens ff eenlog van een kennis, ik hoor graag
C:\Program Files\IP Insight\ARMon32a.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE
D:\Program Files\InCD.exe
C:\WINDOWS\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\180Solutions\msbb.exe
C:\Program Files\Bargain Buddy\bin\bargains.exe
C:\WINDOWS\System32\hbmmmpip.exe
C:\WINDOWS\FVProtect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PrecisionTime\PrecisionTime.exe
C:\Program Files\Date Manager\DateManager.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\msipcsv.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\WINZIP\winzip32.exe
D:\downprogjes\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/
O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin\apuc.dll
O2 - BHO: (no name) - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} - C:\WINDOWS\System32\amcis2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: Win32 Classes -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.planet.nl/exent/classes/ExentCtl.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1} - http://216.133.83.162/downloads/UGO20.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{04BE84FF-3E22-48D1-96FC-366E8F9619AF}: NameServer = 195.121.1.34 195.121.1.66
O17 - HKLM\System\CS1\Services\Tcpip\..\{04BE84FF-3E22-48D1-96FC-366E8F9619AF}: NameServer = 195.121.1.34 195.121.1.66
Jongens ff eenlog van een kennis, ik hoor graag
Hijacklog
Beste mensen,
Op advies van Megabit
http://www.helpmij.nl/forum/showthread.php?threadid=158671
Plaats ik hier mijn hijackog:
---------------------------------------
Logfile of HijackThis v1.97.7
Scan saved at 15:57:23, on 4-4-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\A.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\YQ0AK34E\HIJACKTHIS[1].EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: (no name) - {904691A1-C588-4B27-BC47-D8599EDB3F97} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\PROGRAM FILES\IOLO\SYSTEM MECHANIC 4\POPUPSTOPPER.EXE"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Telefoongids (HKLM)
O9 - Extra 'Tools' menuitem: Telefoongids Zoekbalk (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37905.6708217593
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthakamai/systemsoappro.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
Het probleem is dat IE 6.0 geupdated niet goed
functioneert (af en toe verwarde tekst, scriptfouten,
onbereikbare websites etc.)
Ook is het misschien mogelijk dat ik ten onrechte
files heb verwijderd.
Etc.
Misschien geeft dit een aanwijzing wat te doen.
Heb vermoedelijk veel last gehad van spyware en dergelijke, kortom veel stuff waarvan ik niet weet wat het is en niet herkenbaar voor mij.
Met bijvoorbaat dank,
Fleur77.
Beste mensen,
Op advies van Megabit
http://www.helpmij.nl/forum/showthread.php?threadid=158671
Plaats ik hier mijn hijackog:
---------------------------------------
Logfile of HijackThis v1.97.7
Scan saved at 15:57:23, on 4-4-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\A.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\YQ0AK34E\HIJACKTHIS[1].EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: (no name) - {904691A1-C588-4B27-BC47-D8599EDB3F97} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\PROGRAM FILES\IOLO\SYSTEM MECHANIC 4\POPUPSTOPPER.EXE"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Telefoongids (HKLM)
O9 - Extra 'Tools' menuitem: Telefoongids Zoekbalk (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37905.6708217593
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthakamai/systemsoappro.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
Het probleem is dat IE 6.0 geupdated niet goed
functioneert (af en toe verwarde tekst, scriptfouten,
onbereikbare websites etc.)
Ook is het misschien mogelijk dat ik ten onrechte
files heb verwijderd.
Etc.
Misschien geeft dit een aanwijzing wat te doen.
Heb vermoedelijk veel last gehad van spyware en dergelijke, kortom veel stuff waarvan ik niet weet wat het is en niet herkenbaar voor mij.
Met bijvoorbaat dank,
Fleur77.
psnyders
Gebruiker
- Lid geworden
- 13 nov 2001
- Berichten
- 167
Hoi Piter,
Gedaan wat je geschreven hebt maar nog steeds geen zoekmachines die werken op startpagina.nl
Zie onderstaand logfile welke overgebleven is:
Logfile of HijackThis v1.97.7
Scan saved at 18:25:18, on 4-4-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\carpserv.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINNT\NCLAUNCH.EXe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\P. Snijders\Bureaublad\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msmgr] msmgr.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKCU\..\Run: [NCLaunch] C:\WINNT\NCLAUNCH.EXe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - Global Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38011.1963310185
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?316
Graag je commentaar.
Grz,...............Piet
Gedaan wat je geschreven hebt maar nog steeds geen zoekmachines die werken op startpagina.nl
Zie onderstaand logfile welke overgebleven is:
Logfile of HijackThis v1.97.7
Scan saved at 18:25:18, on 4-4-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\carpserv.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINNT\NCLAUNCH.EXe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\P. Snijders\Bureaublad\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msmgr] msmgr.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKCU\..\Run: [NCLaunch] C:\WINNT\NCLAUNCH.EXe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - Global Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38011.1963310185
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?316
Graag je commentaar.
Grz,...............Piet
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
LOL. Als je mij voor de gek wil houden moet je eerder opstaan, beertje.
Mocht het een serieuze poging zijn, dan eerst scannen met AdAware of Spybot S&D en een volledig log posten.
Groetjes,
Pieter
TS
TS
Eagle Creek
Verenigingslid
- Lid geworden
- 3 okt 2002
- Berichten
- 26.336
Logfile of HijackThis v1.97.7
Scan saved at 19:24:13, on 4-4-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\LEXBCES.EXE
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\LEXPPS.EXE
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\hidserv.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton Internet Security\NISUM.EXE
D:\WINNT\system32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\Program Files\Norton Internet Security\SymProxySvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Norton Internet Security\NISSERV.EXE
D:\WINNT\Explorer.EXE
D:\WINNT\system32\taskmgr.exe
D:\Program Files\Browser Mouse\lwbwheel.exe
D:\Program Files\Norton Internet Security\IAMAPP.EXE
D:\PROGRA~1\NORTON~1\navapw32.exe
D:\Program Files\Messenger Plus! 2\MsgPlus.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\WINNT\system32\ntvdm.exe
D:\WINNT\system32\rundll32.exe
C:\Program Files\Algemeen\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Jean-Paul/Mijn%20documenten/Mijn%20webs/Mijn_startpagina.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.alcatel.com/consumer/dsl/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LWBMOUSE] D:\Program Files\Browser Mouse\lwbwheel.exe
O4 - HKLM\..\Run: [iamapp] D:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [DXDllRegExe] D:\WINNT\system32\dxdllreg.exe
O4 - HKCU\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\RunOnce: [ACMWrapperV2.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CDEngine\ACMWrapperV2.dll"
O4 - HKLM\..\RunOnce: [MediaPlayerV2.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CDEngine\MediaPlayerV2.dll"
O4 - HKLM\..\RunOnce: [driversV2.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CDEngine\driversV2.dll"
O4 - HKLM\..\RunOnce: [Cdbootable.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Cdbootable.dll"
O4 - HKLM\..\RunOnce: [cdDataPS.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdDataPS.dll"
O4 - HKLM\..\RunOnce: [cdExtra.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdExtra.dll"
O4 - HKLM\..\RunOnce: [cdmp3.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdmp3.dll"
O4 - HKLM\..\RunOnce: [database.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\database.dll"
O4 - HKLM\..\RunOnce: [ISO9660.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\ISO9660.dll"
O4 - HKLM\..\RunOnce: [Joliet.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Joliet.dll"
O4 - HKLM\..\RunOnce: [Udf.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Udf.dll"
O4 - HKLM\..\RunOnce: [creator.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\creator.dll"
O4 - HKLM\..\RunOnce: [Translator.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Translator.dll"
O4 - HKLM\..\RunOnce: [CDEngine.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CDEngine\CDEngine.dll"
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] D:\WINNT\inf\unregmp2.exe /FixUps
O4 - HKLM\..\RunOnce: [MSPCLOCK] RUNDLL32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
O4 - HKLM\..\RunOnce: [MSPQM] RUNDLL32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
O4 - HKLM\..\RunOnce: [MSKSSRV] RUNDLL32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
O4 - HKLM\..\RunOnce: [MPE0] rundll32.exe streamci,StreamingDeviceSetup {8E60217D-A2EE-47f8-B0C5-0F44C55F66DC},GLOBAL,{FD0A5AF4-B41D-11d2-9C95-00C04F7971E0},D:\WINNT\INF\mpe.inf,BDAcodec
O4 - HKLM\..\RunOnce: [STREAMIP0] rundll32.exe streamci,StreamingDeviceSetup {D84D449B-62FB-4ebb-B969-5183ED3DFB51},GLOBAL,{71985F4A-1CA1-11d3-9CC8-00C04F7971E0},D:\WINNT\INF\streamip.inf,BDAcodec
O4 - HKLM\..\RunOnce: [SLIP0] rundll32.exe streamci,StreamingDeviceSetup {03884CB6-E89A-4deb-B69E-8DC621686E6A},GLOBAL,{FD0A5AF4-B41D-11d2-9C95-00C04F7971E0},D:\WINNT\INF\slip.inf,VBIcodec
O4 - HKLM\..\RunOnce: [CCDECODE0] rundll32.exe streamci,StreamingDeviceSetup {562370a8-f8dd-11d2-bc64-00a0c95ec22e},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},D:\WINNT\INF\CCDECODE.inf,CCDECODE.Interface.Install
O4 - HKLM\..\RunOnce: [NABTSFEC0] rundll32.exe streamci,StreamingDeviceSetup {07DAD662-22F1-11d1-A9F4-00C04FBBDE8F},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},D:\WINNT\INF\NABTSFEC.inf,NABTSFEC.Interface.Install
O4 - HKLM\..\RunOnce: [WSTCODEC0] rundll32.exe streamci,StreamingDeviceSetup {70BC06E0-5666-11d3-A184-00105AEF9F33},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},D:\WINNT\INF\WSTCODEC.inf,WSTCODEC.Interface.Install
O4 - Startup: Tweak UI.lnk = D:\WINNT\system32\TWEAKUI.CPL
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04dddf6353279a834306/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38081.2089814815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3145117F-39B6-48B4-B281-DCBD945A9193}: NameServer = 194.134.5.5 194.134.0.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{3145117F-39B6-48B4-B281-DCBD945A9193}: NameServer = 194.134.5.5 194.134.0.97
Scan saved at 19:24:13, on 4-4-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\LEXBCES.EXE
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\LEXPPS.EXE
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\hidserv.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton Internet Security\NISUM.EXE
D:\WINNT\system32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\Program Files\Norton Internet Security\SymProxySvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Norton Internet Security\NISSERV.EXE
D:\WINNT\Explorer.EXE
D:\WINNT\system32\taskmgr.exe
D:\Program Files\Browser Mouse\lwbwheel.exe
D:\Program Files\Norton Internet Security\IAMAPP.EXE
D:\PROGRA~1\NORTON~1\navapw32.exe
D:\Program Files\Messenger Plus! 2\MsgPlus.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\WINNT\system32\ntvdm.exe
D:\WINNT\system32\rundll32.exe
C:\Program Files\Algemeen\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Jean-Paul/Mijn%20documenten/Mijn%20webs/Mijn_startpagina.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.alcatel.com/consumer/dsl/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LWBMOUSE] D:\Program Files\Browser Mouse\lwbwheel.exe
O4 - HKLM\..\Run: [iamapp] D:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [DXDllRegExe] D:\WINNT\system32\dxdllreg.exe
O4 - HKCU\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\RunOnce: [ACMWrapperV2.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CDEngine\ACMWrapperV2.dll"
O4 - HKLM\..\RunOnce: [MediaPlayerV2.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CDEngine\MediaPlayerV2.dll"
O4 - HKLM\..\RunOnce: [driversV2.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CDEngine\driversV2.dll"
O4 - HKLM\..\RunOnce: [Cdbootable.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Cdbootable.dll"
O4 - HKLM\..\RunOnce: [cdDataPS.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdDataPS.dll"
O4 - HKLM\..\RunOnce: [cdExtra.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdExtra.dll"
O4 - HKLM\..\RunOnce: [cdmp3.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdmp3.dll"
O4 - HKLM\..\RunOnce: [database.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\database.dll"
O4 - HKLM\..\RunOnce: [ISO9660.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\ISO9660.dll"
O4 - HKLM\..\RunOnce: [Joliet.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Joliet.dll"
O4 - HKLM\..\RunOnce: [Udf.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Udf.dll"
O4 - HKLM\..\RunOnce: [creator.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\creator.dll"
O4 - HKLM\..\RunOnce: [Translator.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Translator.dll"
O4 - HKLM\..\RunOnce: [CDEngine.dll] d:\winnt\system32\regsvr32.exe /s "D:\Program Files\Common Files\Adaptec Shared\CDEngine\CDEngine.dll"
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] D:\WINNT\inf\unregmp2.exe /FixUps
O4 - HKLM\..\RunOnce: [MSPCLOCK] RUNDLL32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
O4 - HKLM\..\RunOnce: [MSPQM] RUNDLL32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
O4 - HKLM\..\RunOnce: [MSKSSRV] RUNDLL32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
O4 - HKLM\..\RunOnce: [MPE0] rundll32.exe streamci,StreamingDeviceSetup {8E60217D-A2EE-47f8-B0C5-0F44C55F66DC},GLOBAL,{FD0A5AF4-B41D-11d2-9C95-00C04F7971E0},D:\WINNT\INF\mpe.inf,BDAcodec
O4 - HKLM\..\RunOnce: [STREAMIP0] rundll32.exe streamci,StreamingDeviceSetup {D84D449B-62FB-4ebb-B969-5183ED3DFB51},GLOBAL,{71985F4A-1CA1-11d3-9CC8-00C04F7971E0},D:\WINNT\INF\streamip.inf,BDAcodec
O4 - HKLM\..\RunOnce: [SLIP0] rundll32.exe streamci,StreamingDeviceSetup {03884CB6-E89A-4deb-B69E-8DC621686E6A},GLOBAL,{FD0A5AF4-B41D-11d2-9C95-00C04F7971E0},D:\WINNT\INF\slip.inf,VBIcodec
O4 - HKLM\..\RunOnce: [CCDECODE0] rundll32.exe streamci,StreamingDeviceSetup {562370a8-f8dd-11d2-bc64-00a0c95ec22e},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},D:\WINNT\INF\CCDECODE.inf,CCDECODE.Interface.Install
O4 - HKLM\..\RunOnce: [NABTSFEC0] rundll32.exe streamci,StreamingDeviceSetup {07DAD662-22F1-11d1-A9F4-00C04FBBDE8F},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},D:\WINNT\INF\NABTSFEC.inf,NABTSFEC.Interface.Install
O4 - HKLM\..\RunOnce: [WSTCODEC0] rundll32.exe streamci,StreamingDeviceSetup {70BC06E0-5666-11d3-A184-00105AEF9F33},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},D:\WINNT\INF\WSTCODEC.inf,WSTCODEC.Interface.Install
O4 - Startup: Tweak UI.lnk = D:\WINNT\system32\TWEAKUI.CPL
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04dddf6353279a834306/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38081.2089814815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3145117F-39B6-48B4-B281-DCBD945A9193}: NameServer = 194.134.5.5 194.134.0.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{3145117F-39B6-48B4-B281-DCBD945A9193}: NameServer = 194.134.5.5 194.134.0.97
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Re: Hijacklog
Hoi fleur77,
Voor je begint wil ik je aanraden om HijackThis naar een aparte map te downloaden. Het programma maakt backups in de map waar het staat en
zoals jij het nu draait (uit de Tijdelijke Internetbestanden map) gaat dat niet.
Vink dan de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.
Start daarna opnieuw op in veilige modus en verwijder:
C:\WINDOWS\SYSTEM\A.EXE
Ik heb de resten van de Telefoongids balk ook maar weggehaald. Als je die terug wilt zul je hem opnieuw moeten installeren.
Groetjes,
Pieter
Hoi fleur77,
Voor je begint wil ik je aanraden om HijackThis naar een aparte map te downloaden. Het programma maakt backups in de map waar het staat en
zoals jij het nu draait (uit de Tijdelijke Internetbestanden map) gaat dat niet.
Vink dan de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.
Start daarna opnieuw op in veilige modus en verwijder:
C:\WINDOWS\SYSTEM\A.EXE
Ik heb de resten van de Telefoongids balk ook maar weggehaald. Als je die terug wilt zul je hem opnieuw moeten installeren.
Groetjes,
Pieter
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Hoi psnyders,
Nog een paar die je niet nodig hebt. Zelfde methode als vorige keer.
Groetjes,
Pieter
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Hoi XP_PC,
Kun je die even opnieuw opstarten zodat hopelijk die RunOnce dingen allemaal weg zijn?
Maakt het wat overzichtelijker.
Groetjes,
Pieter
P@sbeer
Terugkerende gebruiker
- Lid geworden
- 25 nov 2001
- Berichten
- 2.465
Logfile of HijackThis v1.97.7
Scan saved at 19:43:42, on 4-4-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\IP Insight\ARMon32a.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Downloads\1001 Sex and more.rtf.exe
D:\downprogjes\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
O16 - DPF: Win32 Classes -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.planet.nl/exent/classes/ExentCtl.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04BE84FF-3E22-48D1-96FC-366E8F9619AF}: NameServer = 195.121.1.34 195.121.1.66
O17 - HKLM\System\CS1\Services\Tcpip\..\{04BE84FF-3E22-48D1-96FC-366E8F9619AF}: NameServer = 195.121.1.34 195.121.1.66
Scan saved at 19:43:42, on 4-4-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\IP Insight\ARMon32a.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Downloads\1001 Sex and more.rtf.exe
D:\downprogjes\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
O16 - DPF: Win32 Classes -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.planet.nl/exent/classes/ExentCtl.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04BE84FF-3E22-48D1-96FC-366E8F9619AF}: NameServer = 195.121.1.34 195.121.1.66
O17 - HKLM\System\CS1\Services\Tcpip\..\{04BE84FF-3E22-48D1-96FC-366E8F9619AF}: NameServer = 195.121.1.34 195.121.1.66
psnyders
Gebruiker
- Lid geworden
- 13 nov 2001
- Berichten
- 167
Dit is er overgebleven van het logfile maar nog werken de zoekmachines op de startpagina.nl niet!!
Grz,..........Piet
Logfile of HijackThis v1.97.7
Scan saved at 19:53:23, on 4-4-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\carpserv.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINNT\NCLAUNCH.EXe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\P. Snijders\Bureaublad\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKCU\..\Run: [NCLaunch] C:\WINNT\NCLAUNCH.EXe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38011.1963310185
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?316
Grz,..........Piet
Logfile of HijackThis v1.97.7
Scan saved at 19:53:23, on 4-4-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\carpserv.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINNT\NCLAUNCH.EXe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\P. Snijders\Bureaublad\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKCU\..\Run: [NCLaunch] C:\WINNT\NCLAUNCH.EXe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38011.1963310185
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?316
TS
TS
Eagle Creek
Verenigingslid
- Lid geworden
- 3 okt 2002
- Berichten
- 26.336
Logfile of HijackThis v1.97.7
Scan saved at 19:59:33, on 4-4-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\LEXBCES.EXE
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\LEXPPS.EXE
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\hidserv.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton Internet Security\NISUM.EXE
D:\WINNT\system32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\Program Files\Norton Internet Security\SymProxySvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Norton Internet Security\NISSERV.EXE
D:\WINNT\Explorer.EXE
D:\WINNT\system32\taskmgr.exe
D:\Program Files\Browser Mouse\lwbwheel.exe
D:\Program Files\Norton Internet Security\IAMAPP.EXE
D:\PROGRA~1\NORTON~1\navapw32.exe
D:\Program Files\Messenger Plus! 2\MsgPlus.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Algemeen\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Jean-Paul/Mijn%20documenten/Mijn%20webs/Mijn_startpagina.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.alcatel.com/consumer/dsl/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LWBMOUSE] D:\Program Files\Browser Mouse\lwbwheel.exe
O4 - HKLM\..\Run: [iamapp] D:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKCU\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\RunOnce: [MigrateMMDrivers] rundll32.exe mmsys.cpl,mmseRunOnce
O4 - Startup: Tweak UI.lnk = D:\WINNT\system32\TWEAKUI.CPL
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04dddf6353279a834306/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38081.2089814815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3145117F-39B6-48B4-B281-DCBD945A9193}: NameServer = 194.134.5.5 194.134.0.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{3145117F-39B6-48B4-B281-DCBD945A9193}: NameServer = 194.134.5.5 194.134.0.97
Vink ik telkens uit, maar die komen terug dus laat maar zitten.
Zit nog een "RunOnce" tussen zag ik. Wat het is weet ik niet.
Scan saved at 19:59:33, on 4-4-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\LEXBCES.EXE
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\LEXPPS.EXE
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\hidserv.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton Internet Security\NISUM.EXE
D:\WINNT\system32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\Program Files\Norton Internet Security\SymProxySvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Norton Internet Security\NISSERV.EXE
D:\WINNT\Explorer.EXE
D:\WINNT\system32\taskmgr.exe
D:\Program Files\Browser Mouse\lwbwheel.exe
D:\Program Files\Norton Internet Security\IAMAPP.EXE
D:\PROGRA~1\NORTON~1\navapw32.exe
D:\Program Files\Messenger Plus! 2\MsgPlus.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Algemeen\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Jean-Paul/Mijn%20documenten/Mijn%20webs/Mijn_startpagina.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.alcatel.com/consumer/dsl/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LWBMOUSE] D:\Program Files\Browser Mouse\lwbwheel.exe
O4 - HKLM\..\Run: [iamapp] D:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKCU\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\RunOnce: [MigrateMMDrivers] rundll32.exe mmsys.cpl,mmseRunOnce
O4 - Startup: Tweak UI.lnk = D:\WINNT\system32\TWEAKUI.CPL
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04dddf6353279a834306/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38081.2089814815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3145117F-39B6-48B4-B281-DCBD945A9193}: NameServer = 194.134.5.5 194.134.0.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{3145117F-39B6-48B4-B281-DCBD945A9193}: NameServer = 194.134.5.5 194.134.0.97
Vink ik telkens uit, maar die komen terug dus laat maar zitten.
Zit nog een "RunOnce" tussen zag ik. Wat het is weet ik niet.
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Hoi Wytze,
In het vorige log klopten het log zelf en de lopende processen echt niet met elkaar. Waarschijnlijk nog niet opnieuw opgestart na het scannen met AdAware en Spybot.
Nu zie ik alleen nog een vet virus. Netsky (P?)
Laat de regels die ik gequote heb fixen. Start dan opnieuw op in veilige modus en verwijder:
D:\Downloads\1001 Sex and more.rtf.exe
LET OP. In verkenner staan er waarschijnlijk een heleboel spaties tussen .rtf en .exe
Sorry voor het misverstand.
Groetjes,
Pieter
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Hoi XP_PC;
Waarom hij terug komt snap ik ook niet.
mmsys.cpl is wel een normaal Windows bestand.
Verder is het een schoon log.
Groetjes,
Pieter
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Hoi psnyders,
Heb je hier wat aan?
http://groups.google.com/groups?hl=....122377%24Uo2.3313257%40zwoll1.home.nl&rnum=2
Je log is hartstikke schoon, dus aan spyware ligt het niet.
Groetjes,
Pieter
psnyders
Gebruiker
- Lid geworden
- 13 nov 2001
- Berichten
- 167
Pieter bedankt
Kan er verder niets mee.
Heb nu google als startpagina en dat werkt prima.
Ik werk wel achter een firewall maar die zit in de multi PC modem router maar die heeft nog nooit last gegeven.
Wel heeft hijack een aantal backups weggezet in de map waar dit proggie inzit wat moet ik daar mee?
You're a champ
:thumb: :thumb: :thumb:
Kan er verder niets mee.
Heb nu google als startpagina en dat werkt prima.
Ik werk wel achter een firewall maar die zit in de multi PC modem router maar die heeft nog nooit last gegeven.
Wel heeft hijack een aantal backups weggezet in de map waar dit proggie inzit wat moet ik daar mee?
You're a champ
:thumb: :thumb: :thumb:
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Die backups kun je over een aantal dagen (als je geen extra problemen opmerkt) wel verwijderen.
Als die firewall geen andere instellingen heeft, zou het probleem in strengere instellingen of MS updates kunnen zitten. Heb je al geprobeerd om startpagina.nl aan je vertrouwde websites to te voegen?
Groetjes,
Pieter
psnyders
Gebruiker
- Lid geworden
- 13 nov 2001
- Berichten
- 167
Strengere instellingen van de firewall op de router??
MS uppdates heb ik op gecontroleerd er zijn er voor mij geen meer tenminste dat zegt microsoft update.
Heb startpagina aan favorieten toegevoegd maar ook dan werken nog steeds de zoekmachines niet op deze site wel werken de links op de pagina zelf
Weard don't you think!
:evil:
MS uppdates heb ik op gecontroleerd er zijn er voor mij geen meer tenminste dat zegt microsoft update.
Heb startpagina aan favorieten toegevoegd maar ook dan werken nog steeds de zoekmachines niet op deze site wel werken de links op de pagina zelf
Weard don't you think!
:evil:- Status
