Helpmij tegen spyware offensief (deel 3)

[Tha Devil]

Even voor iemand de pc opschonen, hierbij als bijlage de hijack this log

Alvast bedankt voor het nakijken.

Groeten Stefan

 

[master_svd]

Pieter,

zou je even naar deze log van mij willen kijken, en wat ik eventueel hiervan uit kan zetten wat op de achtergrond mee draait?

(heb nl op het moment veel problemen met outlook express)




Logfile of HijackThis v1.97.7
Scan saved at 15:50:40, on 22-4-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norman\NPF\NPFSVICE.EXE
C:\Norman\Nvc\BIN\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Norman\Nvc\BIN\ZLH.EXE
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\Program Files\Pulse\Pulse.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Norman\NPF\npfmsg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Sheila van Dongen\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimweb.avans.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Pulse] C:\Program Files\Pulse\Pulse.exe -splash
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
O4 - Global Startup: NPF Messenger.lnk = C:\Program Files\Norman\NPF\npfmsg.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Onderzoek (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://virusscan.zdnet.nl/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab

 

[flappy_tappy]

hoe of wat kan weg

Logfile of HijackThis v1.97.7
Scan saved at 15:56:09, on 22-4-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\gknosc.exe
C:\WINDOWS\pnpzikuv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\rick\Mijn documenten\MEDAL.OF.HONOR.AA.10.ENG.FL.BACKUPCD\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://contexualsearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://contexualsearch.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://contexualsearch.com/passthrough/index.html?http://www.msn.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://contexualsearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://contexualsearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://contexualsearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://contexualsearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/QuickPage/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {32FE0C38-A1F1-4EF4-9C3C-04D256980AD7} - C:\WINDOWS\waueehr.dll
O2 - BHO: Core Library - {6CDF3C49-20E6-48d7-811B-9F5DD17F1D90} - C:\WINDOWS\System32\sfg78ae.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C77E900A-FF55-400E-9BAA-E042C8212898} - (no file)
O2 - BHO: Core Library - {F281FFC7-6C63-4bf9-83F2-AB7A6157B109} - C:\WINDOWS\System32\kdpupd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [type blue] C:\PROGRA~1\option beep\mfcd bleh.exe
O4 - HKLM\..\Run: [Popup Blocker Updater] regsvr32 /s C:\WINDOWS\System32\sfg78ae.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [vgbil] C:\WINDOWS\gknosc.exe
O4 - HKLM\..\Run: [quibhls] C:\WINDOWS\pnpzikuv.exe
O4 - HKLM\..\Run: [QuickZip] C:\WINDOWS\System32\ls.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {323B7117-E3F8-4B60-B369-B9790D8C847C} - http://download.acegain.com/agent/DMInstall.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://pgc.planet.nl/classes/ExentCtl.ocx
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.fastmp3.nl/test/nl.exe
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/ieplug.cab
O16 - DPF: {E3802230-F0E2-4A75-9947-EAB78DD8153F} - http://www.klikeuro.nl/cab/EasyWebInstaller.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlaccell.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09F47CB0-EC29-44A1-871D-79B9EEE55048}: NameServer = 194.134.5.5 194.134.0.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{09F47CB0-EC29-44A1-871D-79B9EEE55048}: NameServer = 194.134.5.5 194.134.0.97



alvast bedankt

 

[Eef30]

Pieter, ik ben nu volgens mij wel van de irritantie popups af, maar kreeg zojuist weer dezelfde foutmelding als vermeld in deze treat:

http://www.helpmij.nl/forum/showthread.php?threadid=160913

Kun jij hier iets mee??

Groetjes, Eef30

 

[Pieter Arntz]

Geplaatst door Tha Devil
Even voor iemand de pc opschonen, hierbij als bijlage de hijack this log

Alvast bedankt voor het nakijken.

Groeten Stefan

http://home.planet.nl/~kleyn080/Spywareinfonl.html

www.housecall.nl

Post dan een nieuw log.

Groetjes,

Pieter

 

[Pieter Arntz]

Geplaatst door master_svd
Pieter,

zou je even naar deze log van mij willen kijken, en wat ik eventueel hiervan uit kan zetten wat op de achtergrond mee draait?

(heb nl op het moment veel problemen met outlook express)

Niets dat veel zou uitmaken.
Wat zijn de problemen?

Groetjes,

Pieter

 

[Pieter Arntz]

Re: hoe of wat kan weg

Geplaatst door flappy_tappy

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://contexualsearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://contexualsearch.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://contexualsearch.com/passthrough/index.html?[url]http://www.msn.nl/[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://contexualsearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://contexualsearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://contexualsearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://contexualsearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/QuickPage/Portal/portal.html

R3 - Default URLSearchHook is missing
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL

O2 - BHO: (no name) - {32FE0C38-A1F1-4EF4-9C3C-04D256980AD7} - C:\WINDOWS\waueehr.dll
O2 - BHO: Core Library - {6CDF3C49-20E6-48d7-811B-9F5DD17F1D90} - C:\WINDOWS\System32\sfg78ae.dll

O2 - BHO: (no name) - {C77E900A-FF55-400E-9BAA-E042C8212898} - (no file)
O2 - BHO: Core Library - {F281FFC7-6C63-4bf9-83F2-AB7A6157B109} - C:\WINDOWS\System32\kdpupd.dll

O4 - HKLM\..\Run: [type blue] C:\PROGRA~1\option beep\mfcd bleh.exe
O4 - HKLM\..\Run: [Popup Blocker Updater] regsvr32 /s C:\WINDOWS\System32\sfg78ae.dll

O4 - HKLM\..\Run: [vgbil] C:\WINDOWS\gknosc.exe
O4 - HKLM\..\Run: [quibhls] C:\WINDOWS\pnpzikuv.exe
O4 - HKLM\..\Run: [QuickZip] C:\WINDOWS\System32\ls.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll

O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} - http://dialxs.nl/install/dialxs.ocx

O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.fastmp3.nl/test/nl.exe
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab

O16 - DPF: {E3802230-F0E2-4A75-9947-EAB78DD8153F} - http://www.klikeuro.nl/cab/EasyWebInstaller.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlaccell.CAB

Hoi flappy_tappy,

Voor je begint zou je dit bestandje naar me willen mailen:
C:\WINDOWS\System32\kdpupd.dll
klik hier voor het adres

Vink dan de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Start daarna opnieuw op in veilige modus en verwijder:
C:\Program Files\QuickPage <= de hele map
C:\WINDOWS\System32\ls.exe
C:\Program Files\option beep <= de hele map
C:\WINDOWS\System32\sfg78ae.dll
C:\WINDOWS\Downloaded Program Files\bridge.dll

Groetjes,

Pieter

 

[master_svd]

Pieter

Bij het controleren van verschillende emailaccounts loopt het programma vast.

Groetjes

 

[BJB83]

Geplaatst door Pieter Arntz


Klopt. Mocht hij weer van naam veranderd zijn als je in veilige modus aankomt, run dan HijackThis en vergelijk het nieuwe log met het oude, vooral dit stukje

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [srprbdau] C:\WINDOWS\System32\srprbdau.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

Meestal komt de nieuwe op de plaats te staan van de oude, in dit geval tussen Quicktime en Messenger.

Groetjes,

Pieter

Hij was inderdaad opnieuw veranderd (x3jd.exe ditmaal) maar ik heb 'm in veilige modus verwijderd en vervolgens winpup3.reg aan het register toegevoegd.

Mijn huidige log:

Logfile of HijackThis v1.97.7
Scan saved at 17:15:56, on 22-4-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Berend Jan\Bureaublad\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ehjjgpa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ehjjgpa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ehjjgpa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ehjjgpa.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ehjjgpa.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ehjjgpa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.225:3128
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9E8ED16F-3C73-4775-9744-882595D3FA6B} - C:\WINDOWS\System32\ehjjgpa.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: c:\searchpage.html?page=
O13 - WWW Prefix: c:\searchpage.html?page=
O13 - Home Prefix: c:\searchpage.html?page=
O13 - Mosaic Prefix: c:\searchpage.html?page=
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.18.69.102/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

[Pieter Arntz]

Geplaatst door master_svd
Pieter

Bij het controleren van verschillende emailaccounts loopt het programma vast.

Groetjes

Dat lijkt me geen spyware probleem. Het is misschien wel even handig om te kijken of het steeds op hetzelfde account is.

Groetjes,

Pieter

 

[Pieter Arntz]

Geplaatst door BJB83

Hij was inderdaad opnieuw veranderd (x3jd.exe ditmaal) maar ik heb 'm in veilige modus verwijderd en vervolgens winpup3.reg aan het register toegevoegd.

Mooi zo. Nu alleen CWS nog.

Start daarna opnieuw op en download dit bestand:
http://tools.zerosrealm.com/pv.zip
Unzip het naar het bureablad. (Niet uit de zipmap runnen)
Open de pv map en dubbelklik op runme.bat

Je krijgt een DOS scherm. Kies 1 en ENTER

Kladblok gaat open met een log erin. Dat svp posten.

En wil je mij eens een kopie van c:\searchpage.html sturen.
klik hier voor het adres

Groetjes,

Pieter

 

[Pimzoektbaasje]

Nieuwe topic op verzoek Pieter

Hallo Pieter,

Dit is de log van het progje PV met als keuze optie 1 enter.
Ik moest een nieuwe topic beginnen van pieter dus aub geen reacties van verkeerde topic.
Ik hoop dat jij er iets mee kan Pieter.
bvd Pim


Module information for 'Explorer.EXE'
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1019904 C:\WINDOWS\Explorer.EXE 6.00.2800.1106 (xpsp1.020828-1920) Windows Verkenner
ntdll.dll 77f40000 708608 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor NT-laag
kernel32.dll 77e40000 983040 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor Windows NT BASE API-client
msvcrt.dll 77be0000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
ADVAPI32.dll 77da0000 643072 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Geavanceerde Windows 32 basis-API
RPCRT4.dll 78000000 548864 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Procedure Call Runtime
GDI32.dll 77c40000 262144 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1106 (xpsp1.020828-1920) GDI Client DLL
USER32.dll 77d10000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor Windows XP USER API-client
SHLWAPI.dll 77290000 409600 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell lichtgewicht hulpprogrammabibliotheek
SHELL32.dll 77390000 8400896 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1106 (xpsp1.020828-1920) Gemeenschappelijk DLL-bestand van Windows Shell
ole32.dll 270000 1183744 C:\WINDOWS\system32\ole32.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft OLE voor Windows
OLEAUT32.dll 770e0000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
BROWSEUI.dll 75f20000 1032192 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser-bibliotheek voor gebruikersinterface
SHDOCVW.dll 76970000 1351680 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1106 (xpsp1.020828-1920) Objecten- en besturingselementenbibliotheek Shell Doc
UxTheme.dll 5b190000 212992 C:\WINDOWS\System32\UxTheme.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL-bestand Microsoft UxTheme
Secur32.dll 76f50000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
iphlpapi.dll 76d20000 94208 C:\WINDOWS\System32\iphlpapi.dll 5.1.2600.2 (xpsp1.020828-1920) IP-helper-API
WS2_32.dll 71a30000 86016 C:\WINDOWS\System32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71a20000 32768 C:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0-helper voor Windows NT
comctl32.dll 78090000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
comctl32.dll 77300000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
appHelp.dll 75ee0000 122880 C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
CLBCATQ.DLL 76f90000 491520 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.42
COMRes.dll 77010000 839680 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77bd0000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
cscui.dll 765c0000 327680 C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 (xpsp1.020828-1920) Gebruikersinterface voor caching aan clientzijde
CSCDLL.dll 765a0000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Off line netwerk-agent
themeui.dll 5ba50000 466944 C:\WINDOWS\System32\themeui.dll 6.00.2800.1106 (xpsp1.020828-1920) Windows Thema-API
MSIMG32.dll 76320000 20480 C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.1106 (xpsp1.020828-1920) GDIEXT Client DLL
USERENV.dll 75a10000 679936 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
NETAPI32.dll 71bb0000 319488 C:\WINDOWS\System32\NETAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Net Win32 API DLL
SAMLIB.dll 71b80000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
ntshrui.dll 76940000 151552 C:\WINDOWS\System32\ntshrui.dll 5.1.2600.1106 (xpsp1.020828-1920) Shell-uitbreidingen voor delen
ATL.DLL 76ad0000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
SETUPAPI.dll 76620000 962560 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Setup API
urlmon.dll 76090000 499712 C:\WINDOWS\system32\urlmon.dll 6.00.2800.1106 (xpsp1.020828-1920) OLE32-extensies voor Win32
NETSHELL.dll 75c90000 1658880 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.1106 (xpsp1.020828-1920) Shell voor Netwerkverbindingen
credui.dll 76bc0000 184320 C:\WINDOWS\system32\credui.dll 5.1.2600.1106 (xpsp1.020828-1920) Gebruikersinterface van referentiebeheer
LINKINFO.dll 76930000 28672 C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking
RASAPI32.dll 76ea0000 225280 C:\WINDOWS\System32\RASAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) RAS-API
rasman.dll 76e50000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
TAPI32.dll 76e70000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor Microsoft® Windows(TM) TAPI-client
rtutils.dll 76e40000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
WINMM.dll 76af0000 184320 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API DLL
wininet.dll 761a0000 626688 C:\WINDOWS\system32\wininet.dll 6.00.2800.1106 (xpsp1.020828-1920) Internet-extensies voor Win32
CRYPT32.dll 76260000 573440 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1106 (xpsp1.020828-1920) Crypto-API32
MSASN1.dll 76240000 61440 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.0 (XPClient.010817-1148) ASN.1 Runtime APIs
msi.dll 18a0000 2101248 C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer
MSCTF.dll 746a0000 278528 C:\WINDOWS\System32\MSCTF.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor MSCTF-server
WINTRUST.dll 76bf0000 176128 C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) API's voor Microsoft-vertrouwenslijstcontrole
IMAGEHLP.dll 76c50000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Image Helper
rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 (xpsp1.020426-1800) Microsoft Base Cryptographic Provider
LgMsgHk.dll 1750000 122880 C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll 1.1.0 Logitech Message Hook Library
LgWndHk.dll 1770000 28672 C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll 9.75.302 Logitech Call Window Hook Library
WINSTA.dll 76300000 61440 C:\WINDOWS\System32\WINSTA.dll 5.1.2600.1106 (xpsp1.020828-1920) Winstation Library
webcheck.dll 74ab0000 270336 C:\WINDOWS\System32\webcheck.dll 6.00.2800.1106 (xpsp1.020828-1920) Website Monitor
stobject.dll 74a80000 131072 C:\WINDOWS\System32\stobject.dll 5.1.2600.1106 (xpsp1.020828-1920) Systray-shellserviceobject
BatMeter.dll 74a70000 36864 C:\WINDOWS\System32\BatMeter.dll 6.00.2600.0000 (xpclient.010817-1148) DLL-bestand voor helper van accumeter
POWRPROF.dll 74a50000 28672 C:\WINDOWS\System32\POWRPROF.dll 6.00.2600.0000 (xpclient.010817-1148) Power Profile Helper DLL
WTSAPI32.dll 76f10000 32768 C:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Terminal Server SDK APIs
iTchHk.dll 20c0000 28672 C:\Program Files\Logitech\iTouch\iTchHk.dll 1.0.0 iTouch Hook Library
ctagent.dll 21c0000 65536 C:\WINDOWS\System32\ctagent.dll 1, 0, 0, 8 ctagent
printui.dll 74b00000 544768 C:\WINDOWS\System32\printui.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor gebruikersinterface voor afdrukken
WINSPOOL.DRV 72f70000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 (xpsp1.020828-1920) Windows Spoolerstuurprogramma
ACTIVEDS.dll 76e00000 192512 C:\WINDOWS\System32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) DLL-bestand voor routerlaag van Active Directory
adsldpc.dll 76dd0000 151552 C:\WINDOWS\System32\adsldpc.dll 5.1.2600.1106 (xpsp1.020828-1920) ADs LDAP Provider C DLL-bestand
WLDAP32.dll 76f20000 184320 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL
CFGMGR32.dll 74a60000 28672 C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL
MPR.dll 71aa0000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) DLL-bestand voor multiple-providerrouter
drprov.dll 75f00000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider
ntlanman.dll 71ba0000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Lan Manager
NETUI0.dll 71c60000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI-klassen
NETUI1.dll 71c20000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes
NETRAP.dll 71c10000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL
davclnt.dll 75f10000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Web DAV Client-dll
SXS.DLL 75e30000 684032 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
kbdhook.dll 1470000 28672 C:\Program Files\Logitech\iTouch\kbdhook.dll 2.22.289 Keyboard Hook Library
shdoclc.dll 76110000 573440 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Objecten- en besturingselementenbibliotheek Shell Doc
browselc.dll 723c0000 77824 C:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser-bibliotheek voor gebruikersinterface
DUSER.dll 6c6a0000 278528 C:\WINDOWS\System32\DUSER.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows DirectUser Engine
MSGINA.dll 75910000 991232 C:\WINDOWS\System32\MSGINA.dll 5.1.2600.1106 (xpsp1.020828-1920) Dll-bestand GINA voor Windows NT-aanmelding
ODBC32.dll 1f7b0000 200704 C:\WINDOWS\System32\ODBC32.dll 3.520.9030.0 Microsoft Data Access - ODBC Driver Manager
comdlg32.dll 76350000 286720 C:\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL voor gedeelde dialoogvensters
odbcint.dll 1f850000 98304 C:\WINDOWS\System32\odbcint.dll 3.520.7713.0 Microsoft Data Access - ODBC-bronnen
mshelper.dll 2060000 28672 C:\WINDOWS\System32\mshelper.dll 1, 0, 0, 1 asd3 Module
mscms.dll 73aa0000 77824 C:\WINDOWS\System32\mscms.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft Color Matching System DLL
NTMARTA.DLL 76ca0000 126976 C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows NT MARTA-provider
if.dnt 6ab0000 1630208 C:\PROGRA~1\Photodex\COMPUP~1\if.dnt
WZSHLSTB.DLL 16200000 24576 C:\PROGRA~1\WinZip\WZSHLSTB.DLL 3.0 (32-bit) WinZip Shell Extension DLL
NavShExt.dll 10000000 98304 C:\Program Files\Norton AntiVirus\NavShExt.dll 10.00.13 Norton AntiVirusNAVShellExt Module
MSVCP70.dll 7c080000 487424 C:\WINDOWS\System32\MSVCP70.dll 7.00.9466.0 Microsoft® C++ Runtime Library
MSVCR70.dll 7c000000 344064 C:\WINDOWS\System32\MSVCR70.dll 7.00.9466.0 Microsoft® C Runtime Library
zipfldr.dll 732f0000 335872 C:\WINDOWS\System32\zipfldr.dll 6.00.2800.1106 (xpsp1.020828-1920) Gecomprimeerde mappen
mydocs.dll 723a0000 102400 C:\WINDOWS\System32\mydocs.dll 6.00.2600.0000 (xpclient.010817-1148) De gebruikersinterface van de map Mijn documenten
AcroIEHelper.ocx c30000 32768 C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 1, 0, 0, 1 AcroIEHelper Module
jpnip.dll cf0000 53248 C:\WINDOWS\System32\jpnip.dll
msohev.dll 32520000 73728 C:\Program Files\Microsoft Office\Office10\msohev.dll 10.0.2609 Microsoft Office XP component
asfsipc.dll 70f20000 28672 C:\WINDOWS\System32\asfsipc.dll 1.1.00.3917 ASFSipc Object
MSISIP.DLL 60a50000 53248 C:\WINDOWS\System32\MSISIP.DLL 2.0.2600.0 MSI Signature SIP Provider
wshext.dll 74e20000 65536 C:\WINDOWS\System32\wshext.dll 5.6.0.6626 Microsoft (r) Shell Extension for Windows script Host
wshNL.DLL 59100000 57344 C:\WINDOWS\System32\wshNL.DLL 5.6.0.6626 Internationale bronnen van Microsoft (r) Windows script Host
ScrTrust.dll f00000 65536 C:\Program Files\Common Files\Symantec Shared\script Blocking\ScrTrust.dll 1, 1, 1, 131 scriptBlocking Trust Verifier
MCPS.DLL 365a0000 86016 C:\PROGRA~1\MICROS~2\Office10\MCPS.DLL 10.0.2625 Media Catalog Proxy/Stub
MSVCP60.DLL 76020000 397312 C:\WINDOWS\System32\MSVCP60.DLL 6.00.8972.0 Microsoft (R) C++ Runtime Library

 

[BJB83]

Geplaatst door Pieter Arntz


Mooi zo. Nu alleen CWS nog.

Start daarna opnieuw op en download dit bestand:
http://tools.zerosrealm.com/pv.zip
Unzip het naar het bureablad. (Niet uit de zipmap runnen)
Open de pv map en dubbelklik op runme.bat

Je krijgt een DOS scherm. Kies 1 en ENTER

Kladblok gaat open met een log erin. Dat svp posten.

En wil je mij eens een kopie van c:\searchpage.html sturen.
klik hier voor het adres

Groetjes,

Pieter

De log van het PV programma, die searchpage mail ik je:


Module information for 'Explorer.EXE'
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1019904 C:\WINDOWS\Explorer.EXE 6.00.2800.1106 (xpsp1.020828-1920) Windows Verkenner
ntdll.dll 77f40000 708608 C:\WINDOWS\System32\ntdll.dll 5.1.2600.1217 (xpsp2.030429-2131) DLL-bestand voor NT-laag
kernel32.dll 77e40000 983040 C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor Windows NT BASE API-client
msvcrt.dll 77be0000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL
ADVAPI32.dll 77da0000 643072 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Geavanceerde Windows 32 basis-API
RPCRT4.dll 78000000 548864 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1254 (xpsp2.030801-1834) Remote Procedure Call Runtime
GDI32.dll 77c40000 262144 C:\WINDOWS\system32\GDI32.dll 5.1.2600.1106 (xpsp1.020828-1920) GDI Client DLL
USER32.dll 77d10000 573440 C:\WINDOWS\system32\USER32.dll 5.1.2600.1255 (xpsp2.030804-1745) DLL-bestand voor Windows XP USER API-client
SHLWAPI.dll 63180000 413696 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1226 Shell lichtgewicht hulpprogrammabibliotheek
SHELL32.dll 77390000 8380416 C:\WINDOWS\system32\SHELL32.dll 6.00.2800.1233 (xpsp2.030604-1804) Gemeenschappelijk DLL-bestand van Windows Shell
ole32.dll 7ccc0000 1183744 C:\WINDOWS\system32\ole32.dll 5.1.2600.1263 (xpsp2.030819-2129) Microsoft OLE voor Windows
OLEAUT32.dll 770e0000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
BROWSEUI.dll 75f20000 1032192 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser-bibliotheek voor gebruikersinterface
SHDOCVW.dll 71700000 1347584 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1203 Objecten- en besturingselementenbibliotheek Shell Doc
UxTheme.dll 5b190000 212992 C:\WINDOWS\System32\UxTheme.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL-bestand Microsoft UxTheme
ctlld.dll 61c00000 61440 c:\windows\system32\ctlld.dll
comctl32.dll 78090000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library
comctl32.dll 77300000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library
appHelp.dll 75ee0000 122880 C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library
CLBCATQ.DLL 76f90000 491520 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.42
COMRes.dll 77010000 839680 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77bd0000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
cscui.dll 765c0000 327680 C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 (xpsp1.020828-1920) Gebruikersinterface voor caching aan clientzijde
CSCDLL.dll 765a0000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Off line netwerk-agent
themeui.dll 5ba50000 466944 C:\WINDOWS\System32\themeui.dll 6.00.2800.1106 (xpsp1.020828-1920) Windows Thema-API
Secur32.dll 76f50000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface
MSIMG32.dll 76320000 20480 C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.1106 (xpsp1.020828-1920) GDIEXT Client DLL
USERENV.dll 75a10000 679936 C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv
netapi32.dll 71bb0000 319488 C:\WINDOWS\System32\netapi32.dll 5.1.2600.1106 (xpsp1.020828-1920) Net Win32 API DLL
urlmon.dll 1a400000 495616 C:\WINDOWS\system32\urlmon.dll 6.00.2800.1259 OLE32-extensies voor Win32
RASAPI32.dll 76ea0000 225280 C:\WINDOWS\System32\RASAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) RAS-API
rasman.dll 76e50000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager
WS2_32.dll 71a30000 86016 C:\WINDOWS\System32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71a20000 32768 C:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0-helper voor Windows NT
TAPI32.dll 76e70000 176128 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor Microsoft® Windows(TM) TAPI-client
rtutils.dll 76e40000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
WINMM.dll 76af0000 184320 C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API DLL
wininet.dll 761a0000 626688 C:\WINDOWS\system32\wininet.dll 6.00.2800.1106 (xpsp1.020828-1920) Internet-extensies voor Win32
CRYPT32.dll 76260000 561152 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1123 (xpsp2.020921-0842) Crypto-API32
MSASN1.dll 76240000 61440 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.0 (XPClient.010817-1148) ASN.1 Runtime APIs
LINKINFO.dll 76930000 28672 C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking
ntshrui.dll 76940000 151552 C:\WINDOWS\System32\ntshrui.dll 5.1.2600.1106 (xpsp1.020828-1920) Shell-uitbreidingen voor delen
ATL.DLL 76ad0000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)
WINTRUST.dll 76bf0000 176128 C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) API's voor Microsoft-vertrouwenslijstcontrole
IMAGEHLP.dll 76c50000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Image Helper
rsaenh.dll ffd0000 143360 C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 (xpsp1.020426-1800) Microsoft Base Cryptographic Provider
msi.dll 12b0000 2101248 C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer
WINSTA.dll 76300000 61440 C:\WINDOWS\System32\WINSTA.dll 5.1.2600.1106 (xpsp1.020828-1920) Winstation Library
webcheck.dll 74ab0000 270336 C:\WINDOWS\System32\webcheck.dll 6.00.2800.1106 (xpsp1.020828-1920) Website Monitor
stobject.dll 74a80000 131072 C:\WINDOWS\System32\stobject.dll 5.1.2600.1106 (xpsp1.020828-1920) Systray-shellserviceobject
BatMeter.dll 74a70000 36864 C:\WINDOWS\System32\BatMeter.dll 6.00.2600.0000 (xpclient.010817-1148) DLL-bestand voor helper van accumeter
POWRPROF.dll 74a50000 28672 C:\WINDOWS\System32\POWRPROF.dll 6.00.2600.0000 (xpclient.010817-1148) Power Profile Helper DLL
SETUPAPI.dll 76620000 962560 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Setup API
WTSAPI32.dll 76f10000 32768 C:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Terminal Server SDK APIs
wdmaud.drv 72c90000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
CRTDLL.DLL 73d00000 159744 C:\WINDOWS\System32\CRTDLL.DLL 4.00 Microsoft C Runtime Library
msacm32.drv 72c80000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft-geluidstoewijzing
MSACM32.dll 77bb0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Audiofilter voor Microsoft Audiocompressiebeheer
midimap.dll 77ba0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI-mapper
NETSHELL.dll 75c90000 1658880 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.1106 (xpsp1.020828-1920) Shell voor Netwerkverbindingen
credui.dll 76bc0000 184320 C:\WINDOWS\system32\credui.dll 5.1.2600.1106 (xpsp1.020828-1920) Gebruikersinterface van referentiebeheer
iphlpapi.dll 76d20000 94208 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2 (xpsp1.020828-1920) IP-helper-API
browselc.dll 723c0000 77824 C:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser-bibliotheek voor gebruikersinterface
SXS.DLL 75e30000 684032 C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5
DUSER.dll 6c6a0000 278528 C:\WINDOWS\System32\DUSER.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows DirectUser Engine
printui.dll 74b00000 544768 C:\WINDOWS\System32\printui.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor gebruikersinterface voor afdrukken
WINSPOOL.DRV 72f70000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 (xpsp1.020828-1920) Windows Spoolerstuurprogramma
ACTIVEDS.dll 76e00000 192512 C:\WINDOWS\System32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) DLL-bestand voor routerlaag van Active Directory
adsldpc.dll 76dd0000 151552 C:\WINDOWS\System32\adsldpc.dll 5.1.2600.1106 (xpsp1.020828-1920) ADs LDAP Provider C DLL-bestand
WLDAP32.dll 76f20000 184320 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL
CFGMGR32.dll 74a60000 28672 C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL
MPR.dll 71aa0000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) DLL-bestand voor multiple-providerrouter
drprov.dll 75f00000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider
ntlanman.dll 71ba0000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Lan Manager
NETUI0.dll 71c60000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI-klassen
NETUI1.dll 71c20000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes
NETRAP.dll 71c10000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL
SAMLIB.dll 71b80000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL
davclnt.dll 75f10000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Web DAV Client-dll
shdoclc.dll 76110000 573440 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Objecten- en besturingselementenbibliotheek Shell Doc
sensapi.dll 72240000 20480 C:\WINDOWS\System32\sensapi.dll 5.1.2600.1106 (xpsp1.020828-1920) SENS Connectivity API DLL
zipfldr.dll 732f0000 335872 C:\WINDOWS\System32\zipfldr.dll 6.00.2800.1126 (xpsp2.020921-0842) Gecomprimeerde mappen
ACTXPRXY.DLL 71cd0000 110592 C:\WINDOWS\System32\ACTXPRXY.DLL 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library
mydocs.dll 723a0000 102400 C:\WINDOWS\System32\mydocs.dll 6.00.2600.0000 (xpclient.010817-1148) De gebruikersinterface van de map Mijn documenten
NTMARTA.DLL 76ca0000 126976 C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.1106 (xpsp1.020828-1920) Windows NT MARTA-provider
AcroIEHelper.ocx 10000000 32768 C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 1, 0, 0, 1 AcroIEHelper Module
ehjjgpa.dll f60000 53248 C:\WINDOWS\System32\ehjjgpa.dll
asfsipc.dll 70f20000 28672 C:\WINDOWS\System32\asfsipc.dll 1.1.00.3917 ASFSipc Object
MSISIP.DLL 60a50000 53248 C:\WINDOWS\System32\MSISIP.DLL 2.0.2600.0 MSI Signature SIP Provider
wshext.dll 74e20000 65536 C:\WINDOWS\System32\wshext.dll 5.6.0.6626 Microsoft (r) Shell Extension for Windows Script Host
comdlg32.dll 76350000 286720 C:\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL voor gedeelde dialoogvensters
wshNL.DLL 59100000 57344 C:\WINDOWS\System32\wshNL.DLL 5.6.0.6626 Internationale bronnen van Microsoft (r) Windows Script Host

 

[JolandaC]

Iemand hier in huis heeft een progje gedownload, genaamd 22153925.exe
Nu is dat waarschijnlijk geinstalleerd.
De exe zelf staat nog op het bureaublad, maar ik krijg het niet verwijderd, het schijnt in gebruik te zijn, maar ik weet er geen raad mee.
Heb al ad-aware gedraaid en nu is dit het logbestand.
Weet iemand of er iets niet klopt?


Logfile of HijackThis v1.97.7
Scan saved at 17:54:34, on 22-4-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bossinkjes\Bureaublad\Edwin&Jolanda\Computer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37664.0440393519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


Alvast bedankt
Jolanda

 

[stevendemunter]

Logfile of HijackThis v1.97.7
Scan saved at 18:41:46, on 22/04/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\PASSWORD MANAGER\ACCTMGR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 5\DATALAYER.EXE
C:\PROGRAM FILES\COMMON FILES\NOKIA\NCLTOOLS\NCLTRAY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQRUN.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\Monwow.exe
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\APPLICATION DATA\AOSE.EXE
C:\PROGRAM FILES\ALSET\HELPEXPRESS\XXX XXX\HXIUL.EXE
C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
C:\PROGRAM FILES\SYSAI\SYSAI.EXE
C:\PROGRAM FILES\ALSET\HELPEXPRESS\XXX XXX\CLIENT\HELPEXP.EXE
C:\WINDOWS\EMSW.EXE
C:\WINDOWS\WJVIEW.EXE
C:\WINDOWS\TEMP\REM5070.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COUPONSANDOFFERS\COUPONSANDOFFERS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautossearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautossearch.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://amazingautossearch.com/passthrough/index.html?http://about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautossearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautossearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautossearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautossearch.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F7E22620-3ECD-A281-6CBB-392C039ED9AE} - C:\PROGRAM FILES\BONELIVE\SIXTHSEEK.DLL
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\SYSAI\APROPOSPLUGIN.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Hope start - {FAF8FA90-4BF1-8CF2-0108-2DBD047CA13A} - C:\PROGRAM FILES\BONELIVE\SIXTHSEEK.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [LICENSE GLUE] C:\PROGRA~1\PROCTONS\WEB LIES.exe
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [couponsandoffers] wjview /cp "C:\Program Files\couponsandoffers\System\Code" Main lp: "C:\Program Files\couponsandoffers"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinject.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AutoEA] C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\ahqrun.exe "C:\Program Files\Creative\SBLive\AudioHQ\AHQ\CTAutoEA.ahq" 0
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Emia] C:\WINDOWS\Application Data\aose.exe
O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\SYSTEM\wnsintit.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\xxx xxx\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\xxx xxx\Client\HelpExp.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Toevoegen aan Mobiele favorieten (HKLM)
O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\Intern~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37882.390162037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.fastmp3.nl/test/nl.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.negativebeats.com/mp3.plugin.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = be
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 195.130.130.11

 

[chila]

hallo pieter ik ben bezig met te doen wat je hebt gevraagd maar op een of andere manier kan ik dehelft niet vinden en is de log veranderd. kun je er eens opnieuw naar kijken?
vb:R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us/1521/

dat http:\\nkvd.us/ was eerst o.a searchpage.

maar het probleem is nog hetzelfde.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us/1521/

dit is de nieuwe log:

Logfile of HijackThis v1.97.7
Scan saved at 18:40:57, on 22-4-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ppf.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ppf.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ppf.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nkvd.us/1521/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ppf.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nkvd.us/1521/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us/1521/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us/1521/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nkvd.us/1521/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/1521/
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\ToolBand.dll
O2 - BHO: (no name) - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\ToolBand.dll
O2 - BHO: (no name) - {69E7BCC1-DC2D-4A7C-B829-E2DBF287C25F} - C:\WINDOWS\System32\ppf.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: OsbornTech Popup Blocker - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - C:\WINDOWS\System32\mshelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\Downloaded Program Files\ToolBand.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O8 - Extra context menu item: Aanpassen &Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: InvulFormulieren &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Opslaan Formulieren &^ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: InvulFormulieren (HKLM)
O9 - Extra 'Tools' menuitem: InvulFormulieren &] (HKLM)
O9 - Extra button: Opslaan (HKLM)
O9 - Extra 'Tools' menuitem: Opslaan Formulieren &^ (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RoboForm Werkbalk &2 (HKLM)
O13 - DefaultPrefix: http://www.nkvd.us/1521/
O13 - WWW Prefix: http://www.nkvd.us/1521/
O13 - Home Prefix: http://www.nkvd.us/1521/
O13 - Mosaic Prefix: http://www.nkvd.us/1521/
O16 - DPF: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} (Search Bar) - http://www.cameup.com/download2/ToolBand.cab
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://super-gals.com/scj/rotation/templates/um2/x.chm::/ad.exe
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab

 

[Yass]

http://www.mlin.net/files/StartupCPL.zip

Ik raad het jullie allemaal aan om dat proggie ff te downloaden en dan bij HKLM Run te kijken, kun je wegkruisen wat je wel of neit wilt bij 't opstarten..en dan zo weinig mogelijk laten staan. Super simpel.

 

[Eagle Creek]

Geplaatst door Yass
http://www.mlin.net/files/StartupCPL.zip

Ik raad het jullie allemaal aan om dat proggie ff te downloaden en dan bij HKLM Run te kijken, kun je wegkruisen wat je wel of neit wilt bij 't opstarten..en dan zo weinig mogelijk laten staan. Super simpel.

Tot mensen hun virusscanner, firewall, printersdrivers en wat-al-niet-meer allemaal uit gingen schakelen.

Als je niet weet wát je hier uitvinkt kan je beter niets uitvinken (en gewoon op Pieter wachten).

 

[Pieter Arntz]

Geplaatst door BJB83

ctlld.dll 61c00000 61440 c:\windows\system32\ctlld.dll

OK. Goed werk. Dader gevonden. Nu even opruimen.

Download TheKillbox hiere: http://download.broadbandmedic.com/VbStuff/KillBox.zip

Unzip de bestanden naar een aparte map, dubbelklik op Killbox.exe . In het "Paste Full Path of File to Delete" venster, knip en plak je (niet typen of met de verkenner zoeken, hiervandaan knippen en plakken)

c:\windows\system32\ctlld.dll

Klik niet op één van de knoppen maar klik op Action en kies "Delete on Reboot". In het volgende scherm, klik op File en kies "Add File". De filename en het pad date je geplakt hebt zouden tevoorschijn moeten komen.

Als dat gelukt is klik je op Action en "Process and Reboot". Je krijgt dan een prompt dat je opnieuw moet opstarten.

Als dat gebeurd is draai je de nieuwste versie van CWShredder

Maak dan een nieuw HijackThis log en post het.

Groetjes,

Pieter

 

[Pieter Arntz]

Geplaatst door JolandaC
Iemand hier in huis heeft een progje gedownload, genaamd 22153925.exe
Nu is dat waarschijnlijk geinstalleerd.
De exe zelf staat nog op het bureaublad, maar ik krijg het niet verwijderd, het schijnt in gebruik te zijn, maar ik weet er geen raad mee.
Heb al ad-aware gedraaid en nu is dit het logbestand.
Weet iemand of er iets niet klopt?

Hoi JolandaC,

In je log komt hij niet tevoorschijn.
Ga eens via de verkenner naar deze map:
C:\Documents and Settings\Bossinkjes\Bureaublad
Als je hem daar ziet staan, probeer er eens op rechts te klikken en dan met de Shift knop ingedrukt Verwijderen kiezen.

Laat maar even weten of dat werkte.

Groetjes,

Pieter