Helpmij against the spyware offensive (part 4)

Status
Not open for further replies.
Posted by krijg064

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL ***
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP ***

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE ***

Hi krijg064,

Nothing special, so I have also marked the unnecessary ones (with ***).

Tick the selection made in HijackThis. Close all windows except HijackThis and click Fix checked.

Then reboot.

Greetings,

Pieter
 
Posted by teckeltje
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www/ie/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www/

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\lstb4drc.dll

O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem218.dll

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [system32] C:\WINDOWS\System32\system32.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1012.dll,InstantAccess

O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/035ca2b03a98e64fd316/netzip/RdxIE601.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge-c2.cab

O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C} (Cltbuilder Class) - http://akamai.downloadv3.com/binaries/one2one/one2oneSvcEN.cab

O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1012_EN_XP.cab

O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

Hi teckeltje,

Tick the above in HijackThis. Close all windows except HijackThis and click Fix checked.

Then reboot into safe mode and delete:
C:\Program Files\MyWebSearch <= the whole folder
C:\Program Files\VBouncer <= the whole folder
C:\WINDOWS\Belt.exe
C:\WINDOWS\System32\system32.exe
C:\Program Files\ISTsvc <= the whole folder

Greetings,

Pieter
 
Re: Correct now?

Posted by Eeke

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Onlinedirect/Portal/portal.html

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKLM\..\Run: [Mscolour] c:\windows\system32\mscolour.exe
O4 - HKLM\..\Run: [Idecntl] c:\windows\system32\idecntl.exe
O4 - HKLM\..\Run: [dmxsdkm] C:\WINDOWS\System32\dmxsdkm.exe
O4 - HKLM\..\Run: [Mswavedll] c:\windows\system32\mswavedll.exe
O4 - HKLM\..\Run: [CLSID] C:\WINDOWS\System32\sed.exe
O4 - HKCU\..\Run: [MessengerPlus2] "\" /WinStart
O4 - HKCU\..\Run: [Cmt101] c:\windows\system32\cmt101.exe
O4 - HKCU\..\Run: [Mswavedll] c:\windows\system32\mswavedll.exe
O4 - HKCU\..\Run: [Mscolour] c:\windows\system32\mscolour.exe
O4 - HKCU\..\Run: [Audiocntl] c:\windows\system32\audiocntl.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://i.rn11.com/iwasher/pptproactauthmirror/internetwasherpro.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.cavello.com/dialxs/plugins/d/4/402/be.exe

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

Hi Eeke,

First find the file C:\WINDOWS\system32\drivers\etc\hosts and rename it to hosts.bak

Then tick the above in HijackThis. Close all windows except HijackThis and click Fix checked.

Then reboot into safe mode and delete:
c:\windows\system32\mscolour.exe
c:\windows\system32\idecntl.exe
C:\WINDOWS\System32\dmxsdkm.exe
c:\windows\system32\mswavedll.exe
c:\windows\system32\audiocntl.exe
C:\WINDOWS\System32\sed.exe
c:\windows\system32\cmt101.exe
C:\Program Files\Onlinedirect <= the whole folder

Also run an online scan at www.housecall.nl
Those first five all look like Agobot variants to me, and there may be more.

Greetings,

Pieter
 
Posted by Stem

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Onlinedirect/Portal/portal.html

O4 - HKLM\..\Run: [CLSID] C:\WINDOWS\System32\sed.exe

Hi Stem,

Tick the above in HijackThis. Close all windows except HijackThis and click Fix checked.

Then reboot into safe mode and delete:
C:\WINDOWS\System32\sed.exe
C:\Program Files\Onlinedirect <= the whole folder

Greetings,

Pieter
 
Re: Please check my logfile

Posted by ajoeb

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no file)

O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)

O4 - HKLM\..\Run: [MSAdmin] C:\WINDOWS\System32\JDBGMRG.EXE
O4 - HKLM\..\Run: [atisrc2] C:\WINDOWS\System32\windfind.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.cavello.com/dialxs/plugins/d/1/009/nl.exe

O16 - DPF: {C87158C1-3C5B-4EE4-B87F-3457C83BC4CE} (Fairtale.Class1) - http://www.fairtale.com/dialer/fairtale.cab

Hi ajoeb,

Tick the above in HijackThis. Close all windows except HijackThis and click Fix checked.

Then reboot into safe mode and delete:
C:\Program Files\Orbit <= the whole folder
C:\Program Files\Common Files\GMT <= the whole folder
C:\Program Files\Common files\updater <= the whole folder

and would you mail these two to me:
C:\WINDOWS\System32\JDBGMRG.EXE
C:\WINDOWS\System32\windfind.exe
I think they are trojans, but I would like to take a look at them.
click for the address

And remove P2P Networking via Control Panel > Add or Remove Programs

Greetings,

Pieter
 
Re: hijack

Posted by jacobba

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ehaniba.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ehaniba.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ehaniba.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ehaniba.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ehaniba.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ehaniba.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Onlinedirect/Portal/portal.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
O2 - BHO: (no name) - {045998F6-7B91-4E51-BAEF-01787197657C} - C:\WINDOWS\System32\ehaniba.dll (file missing)

O4 - HKLM\..\Run: [AdobeFonts] C:\WINDOWS\Fonts\fonts.hta

O4 - HKLM\..\Run: [Msoffice] C:\WINDOWS\Fonts\msoffice.hta

O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\system.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab

Hi jacobba,

Tick the above in HijackThis. Close all windows except HijackThis and click Fix checked.

Then reboot into safe mode and delete:
C:\Program Files\Common Files\GMT <= the whole folder
C:\WINDOWS\Fonts\msoffice.hta
C:\WINDOWS\Fonts\fonts.hta

Then browse to:
http://www.kaspersky.com/remoteviruschk.html
and have C:\WINDOWS\System\system.exe scanned there. Let me know the results.

Then read:
http://www.helpmij.nl/forum/showthread.php?threadid=162413

Greetings,

Pieter
 
Hi Pieter,

I fixed what you said.

The files I was supposed to delete in safe mode were no longer there...

Here is the new log:

Logfile of HijackThis v1.97.7
Scan saved at 15:10:20, on 13/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Eigenaar\Mijn documenten\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.luc.ac.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\IEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Onderzoekscentrum (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


Grtz
 
Posted by Pieter Arntz


Hi nemor,

I have left the unnecessary ones in for now. Let's first see how far we get with this.

Tick the above, close all windows except HijackThis and click Fix checked.

Then reboot into safe mode and delete:
C:\WINDOWS\System32\sed.exe
C:\Program Files\Onlinedirect <= the whole folder
C:\Program Files\MyWebSearch <= the whole folder
C:\Program Files\CHIC01~1 <= the whole folder, with the file FASTOOZE.dll in it
C:\Program Files\FIRSTB~1 <= the whole folder, with the file Copy That Owns.exe in it
RunDll16.exe <= if present

Greetings,

Pieter

Pieter, thanks a lot. I did what you said and now have no more hassle with Explorer! :thumb: Only, while I was working in safe mode I found and deleted everything except C:\Program Files\CHIC01~1 <= the whole folder, with the file FASTOOZE.dll in it
I did find the folder, but that file wasn't in it; there was a bits.dat (type bib) in it, but no FASTOOZE.dll. Is that a problem? I have already deleted the folder.
 
Hello Peter,

I deleted the things as you said. So it should be fine now.

Logfile of HijackThis v1.97.7
Scan saved at 15:54:46, on 13-5-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\System32\gearsec.exe
D:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
D:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Messenger\msmsgs.exe
D:\set-ups\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [DownloadAccelerator] D:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37914.4382407407
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553560000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Greetings, Astrid
 
hi peter
it's me again
but now with a log from someone who has a lot of problems with his pc, I think it runs in the family!!

Logfile of HijackThis v1.97.7
Scan saved at 14:53:52, on 13-5-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\GRIMRE~1\objsecond.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Hotbar\bin\4.4.5.0\Hbinst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SysAI\SysAI.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Hotbar\bin\4.4.2.0\HbSrv.exe
C:\Documents and Settings\Van VEGGEL\Local Settings\Temp\Tijdelijke map 5 voor hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mysearchnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
O2 - BHO: (no name) - {3725BB4C-C4C4-28F9-E6C0-248E3C5EA53C} - C:\PROGRA~1\POPNUR~1\SurfBind.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.4.2.0\HbHostIE.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.4.2.0\HbHostIE.dll
O3 - Toolbar: loud kind poke - {047BA4E1-90EE-7ABA-3500-DDFA32CF5EED} - C:\PROGRA~1\POPNUR~1\SurfBind.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [64 online] C:\PROGRA~1\GRIMRE~1\objsecond.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.4.5.0\Hbinst.exe /Upgrade
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0F1E6DE-3B9B-4832-942F-F34D6E2D1157}: NameServer = 195.121.1.34 195.121.1.66


many thanks in advance!!!:p
 
Posted by Nemor


Pieter, thanks a lot. I did what you said and now have no more hassle with Explorer! :thumb: Only, while I was working in safe mode I found and deleted everything except C:\Program Files\CHIC01~1 <= the whole folder, with the file FASTOOZE.dll in it
I did find the folder, but that file wasn't in it; there was a bits.dat (type bib) in it, but no FASTOOZE.dll. Is that a problem? I have already deleted the folder.

No, that is not a problem. FASTOOZE.dll had probably already been removed by HijackThis.

Greetings,

Pieter
 
Posted by teckeltje

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

Hi teckeltje,

Almost. It looks like the files are already gone, but that line still needs to be fixed.

Greetings,

Pieter
 
Posted by vanzwam


O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab

O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab

Hi vanzwam,

NewDotNet aka New.Net (Domains) is better removed via Control Panel > Add or Remove Programs.

Apart from that it is a very short list. I think you are more likely missing things than having too many.

A Windows update might help.

Greetings,

Pieter
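The same patterns Pieter picks out across the logs in this thread (R-lines pointing at res:// or file:/// resources, orphaned "(no file)" entries, unnamed BHOs loaded from the Windows root, .hta autostarts, O10 Winsock hijacks, O16 ActiveX packages pulled from unexpected hosts) can be triaged mechanically. The Python below is an added example, not code from HijackThis, helpmij.nl or any poster; the sample log is constructed from lines quoted in this thread, and the trusted-host allowlist and the heuristics themselves are assumptions for illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple
from urllib.parse import urlparse

# Assumed allowlist of hosts from which O16 (Download Program Files) packages
# are expected. Not a HijackThis feature; tune it per environment.
TRUSTED_DPF_HOSTS = {
    "download.macromedia.com",
    "fpdownload.macromedia.com",
    "www.apple.com",
    "office.microsoft.com",
    "v4.windowsupdate.microsoft.com",
}

# Constructed sample in the shape of the HijackThis v1.97 logs in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ehaniba.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Onlinedirect/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.luc.ac.be/
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\lstb4drc.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdobeFonts] C:\WINDOWS\Fonts\fonts.hta
O10 - Hijacked Internet access by New.Net
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# Every HijackThis entry starts with a section code (R0, O2, O16, ...) and " - ".
LINE_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_lines(text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (section, body, raw_line) for each recognisable log entry."""
    for raw in text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if m:
            yield m.group("section"), m.group("body"), raw


def _dpf_host(body: str) -> str:
    """Host of the download URL in an O16 body; '' when the URL is absent
    (HijackThis prints a bare trailing '-' for truncated entries)."""
    url = body.rsplit(" - ", 1)[-1].strip()
    return urlparse(url).hostname or ""


def triage(log_text: str) -> List[Finding]:
    """Apply the review heuristics to a whole log and return what to look at."""
    findings: List[Finding] = []
    for section, body, raw in parse_lines(log_text):
        low = body.lower()
        if section in ("R0", "R1", "R3"):
            # Search/start pages set to a local DLL or HTML file are hijacks.
            value = body.split("=", 1)[1].strip() if "=" in body else ""
            if value.startswith(("res://", "file:///")) or "(obfuscated)" in low:
                findings.append(Finding(section, "browser setting points at a local resource, typical of a hijack", raw))
        elif section in ("O2", "O3"):
            if "(no file)" in low:
                findings.append(Finding(section, "orphaned entry, file no longer present", raw))
            elif "(no name)" in low and re.search(r"c:\\windows\\(system32\\)?[^\\]+\.dll$", low):
                findings.append(Finding(section, "unnamed BHO/toolbar loaded from the Windows or System32 root", raw))
        elif section == "O4":
            if re.search(r"\.hta\b", low):
                findings.append(Finding(section, "autostart runs an HTML application (.hta)", raw))
        elif section == "O10":
            findings.append(Finding(section, "Winsock LSP hijack reported by HijackThis", raw))
        elif section == "O16":
            host = _dpf_host(body)
            if host and host not in TRUSTED_DPF_HOSTS:
                findings.append(Finding(section, f"ActiveX package downloaded from untrusted host {host}", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Entries the heuristics do not flag still deserve a look; the goal is to surface the obvious candidates first, the way Pieter's replies quote only the lines to fix.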
 
once again

Hello,

this log was probably overlooked, because I see no reply to it while the logs posted after mine did get one.

Greetings

Hello

My girlfriend had problems with her pc. I helped her a bit, but I would still very much like someone to check the log to see whether anything is still hiding. For the moment there are no more problems with her pc.

Thanks in advance
Martien


Logfile of HijackThis v1.97.7
Scan saved at 11:35:17, on 13/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\RegHealer\regheal.exe
C:\Documents and Settings\stockpc\Bureaublad\opkuis\New\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.page.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp psc 2000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.be
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...directorjsw.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pu...ashjswflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2B5C5A7-AA56-4CE1-8CF5-41CA05CFEA94}: NameServer = 62.235.14.4 62.235.13.198
 
Posted by kidshome


O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm231

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2717bd68e282f1a37619/netzip/RdxIE601.cab

O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} - http://dialxs.nl/install/dialxs.ocx

Hi kidshome,

Check the entries above in HijackThis. Close all windows except HijackThis and click Fix checked.

Then reboot into Safe Mode and delete:
C:\Program Files\Common Files\GMT <= the whole folder
C:\Program Files\MyWebSearch <= the whole folder
C:\Program Files\Date Manager <= the whole folder
C:\Program Files\PrecisionTime <= the whole folder

Greetings,

Pieter
 
Posted by Stem
Hi Pieter,

I fixed what you said.

The files I had to delete in Safe Mode were no longer there...

Here is the new log


:thumb: I can't find anything else in it, :thumb:

Pieter
 
Wow, super :thumb: ... thank you very, very much...

How can I ever thank you for this :o
 
Posted by tintin


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mysearchnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html

O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll

O2 - BHO: (no name) - {3725BB4C-C4C4-28F9-E6C0-248E3C5EA53C} - C:\PROGRA~1\POPNUR~1\SurfBind.dll

O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.4.2.0\HbHostIE.dll

O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.4.2.0\HbHostIE.dll
O3 - Toolbar: loud kind poke - {047BA4E1-90EE-7ABA-3500-DDFA32CF5EED} - C:\PROGRA~1\POPNUR~1\SurfBind.dll

O4 - HKLM\..\Run: [64 online] C:\PROGRA~1\GRIMRE~1\objsecond.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.4.5.0\Hbinst.exe /Upgrade

O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.exe

O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx

Hi tintin,

Or could it be because you all have the same version of Windows? :p

Unzip hijackthis.exe to a separate folder first. The program saves its backups in the folder where the .exe is located; in a Temp folder those disappear rather easily.

Check the entries above in HijackThis. Close all windows except HijackThis and click Fix checked.

Then reboot into Safe Mode and delete:
C:\Program Files\SysAI <= the whole folder
C:\PROGRA~1\POPNUR~1 <= the whole folder, including the file SurfBind.dll
C:\Program Files\Hotbar <= the whole folder
C:\PROGRA~1\GRIMRE~1 <= the whole folder, including the file objsecond.exe
C:\Program Files\AutoUpdate <= the whole folder

Greetings,

Pieter
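The replies in this thread all follow the same two steps: pick out the suspicious R0/R1 and Ox lines from a HijackThis log, and then read a fresh log afterwards to confirm the fixed entries are gone (as Pieter does with Stem's second log above). The script below is an added example for this page, not HijackThis code and not the helpers' own method: it parses entry lines of the format quoted throughout the thread, flags them with a few heuristics taken from what the helpers single out (entries marked "(no file)", one host set in several IE start/search keys as with mysearchnow.com, O16 downloads from a bare IP or straight to an .ocx/.exe, O17 nameserver changes), and re-checks a second log for leftovers. The two sample logs are constructed from lines quoted in this thread; the heuristics are illustrative triage aids, not a verdict on any entry.

```python
"""Triage and re-check helpers for HijackThis-style log lines (added example).

Not HijackThis code. Parses the R0/R1/Ox entry lines quoted in this thread,
flags the kinds of entries the thread's helpers single out, and re-reads a
fresh log to confirm that fixed entries are gone. Sample logs are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")    # "O16 - DPF: ..."
URL_RE = re.compile(r"https?://([^/\s]+)")           # host part of a URL
IP_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}(:\d+)?")   # bare IPv4 host


@dataclass(frozen=True)
class Entry:
    kind: str  # section code: R0, R1, O2, O3, O4, O16, O17, ...
    body: str  # text after "On - "


def parse_log(text: str) -> List[Entry]:
    """Keep only entry lines; the header and the process list are skipped."""
    out = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append(Entry(m.group(1), m.group(2).strip()))
    return out


def host_of(body: str) -> str:
    m = URL_RE.search(body)
    return m.group(1).lower() if m else ""


def triage(entries: List[Entry]) -> Dict[Entry, List[str]]:
    """Map each suspicious entry to the heuristic reasons it was flagged."""
    # One host set as start/search page in several IE keys at once is the
    # browser-hijack pattern of the mysearchnow.com log quoted in the thread.
    hits: Dict[str, int] = {}
    for e in entries:
        if e.kind in ("R0", "R1") and host_of(e.body):
            hits[host_of(e.body)] = hits.get(host_of(e.body), 0) + 1

    findings: Dict[Entry, List[str]] = {}
    for e in entries:
        reasons = []
        if "(no file)" in e.body:
            reasons.append("orphaned entry: referenced file is missing")
        if e.kind in ("R0", "R1") and hits.get(host_of(e.body), 0) >= 3:
            reasons.append("same host set in several IE start/search keys")
        if e.kind == "O16":
            if IP_RE.fullmatch(host_of(e.body)):
                reasons.append("ActiveX download from a bare IP address")
            if re.search(r"\.(ocx|exe)$", e.body, re.IGNORECASE):
                reasons.append("DPF points straight at an executable/OCX")
        if e.kind == "O17":
            reasons.append("DNS servers overridden; confirm they are the ISP's")
        if reasons:
            findings[e] = reasons
    return findings


def still_present(fixed: List[Entry], fresh_log: str) -> List[Entry]:
    """Entries the user was told to fix that are still in the new log."""
    remaining = set(parse_log(fresh_log))
    return [e for e in fixed if e in remaining]


# Constructed "before" log, assembled from lines quoted in this thread.
BEFORE = r"""
Logfile of HijackThis v1.97.7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2717bd68e282f1a37619/netzip/RdxIE601.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2B5C5A7-AA56-4CE1-8CF5-41CA05CFEA94}: NameServer = 62.235.14.4 62.235.13.198
"""

# Constructed "after" log: one flagged entry (the dialer OCX) was left behind.
AFTER = r"""
Logfile of HijackThis v1.97.7
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
"""

if __name__ == "__main__":
    flagged = triage(parse_log(BEFORE))
    for entry, reasons in flagged.items():
        print(f"{entry.kind}: {entry.body}\n    -> " + "; ".join(reasons))
    for entry in still_present(list(flagged), AFTER):
        print("STILL PRESENT:", entry.kind, entry.body)
```

On the constructed logs, `triage` flags seven of the nine entries (the three mysearchnow.com R1 lines, the orphaned BHO, both O16 downloads and the O17 nameserver line) and leaves the Norton BHO and the SoundMan Run entry alone; `still_present` then reports the dialxs.ocx entry as the one item the Fix checked step did not remove, which is the kind of leftover a helper would look for in a fresh log.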
 
Re: once again

Posted by martien54
Hello,

this log was probably overlooked, since I see no reply to it while the logs posted after mine did get one.


Hi martien54,

I followed an odd order. The answer to your log is a few posts before your repeat.

Greetings,

Pieter
 