Helpmij tegen spyware offensief (deel 5)

Muisje74 · 28 jun 2004

Heb weer een probleem op een pc...........heb gescand met Spysweeper en hier de log........

Logfile of HijackThis v1.97.7
Scan saved at 19:14:41, on 28-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\show dale\DupeAboutDownload.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mysearchnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://startpagina.informatique.nl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {748475FF-5CF8-3B93-0F1D-811AAEC5382B} - C:\PROGRA~1\WEBCAK~1\pollsoftware.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Active wma] C:\PROGRA~1\show dale\DupeAboutDownload.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://startpagina.informatique.nl
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

Coen111 · 28 jun 2004

SW10 / FirstEnter

Ha Pieter,

Probleem:
Startpagina SW10 / FirstEnter niet te verwijderen. Lokatie H:\Program Files\FirstEnter\Portal\portal.html

Zowel AdAware als Spybot gerund en problemen laten oplossen.

Als je me kan helpen, graag.
Groet,

Coen.

Logfile of HijackThis v1.97.7
Scan saved at 19:04:32, on 28-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\System32\CTsvcCDA.EXE
H:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
H:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
H:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
H:\WINDOWS\System32\nvsvc32.exe
H:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\WINDOWS\System32\MsPMSPSv.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\Mixer.exe
H:\WINDOWS\System32\CTHELPER.EXE
H:\Program Files\Common Files\Real\Update_OB\realsched.exe
H:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
H:\WINDOWS\System32\RUNDLL32.exe
H:\WINDOWS\System32\dll.exe
H:\WINDOWS\System32\ctfmon.exe
H:\Program Files\SecCopy\SecCopy.exe
H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Real\RealDownload\RealDownload.exe
H:\Program Files\WinZip\WZQKPICK.EXE
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Outlook Express\msimn.exe
H:\WINDOWS\System32\HPZipm12.exe
H:\PROGRA~1\WINZIP\winzip32.exe
H:\Documents and Settings\Coen\Local Settings\Temp\HijackThis.exe
H:\Program Files\HP\hpcoretech\comp\hpdarc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///H:/Program%20Files/FirstEnter/Portal/portal.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///H:/Program%20Files/FirstEnter/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\windows\downloaded program files\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - H:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - H:\WINDOWS\System32\nzdd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\windows\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdReg] H:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AHQInit] h:\program files\creative\Program\AHQInit.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "H:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "H:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "H:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] H:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Zone Labs Client] H:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "H:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "H:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [mmtask] H:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "H:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [CLSID] H:\WINDOWS\System32\dll.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Second Copy 2000] "H:\Program Files\SecCopy\SecCopy.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RealDownload.lnk = H:\Program Files\Real\RealDownload\RealDownload.exe
O4 - Global Startup: WinZip Quick Pick.lnk = H:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://H:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://H:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://H:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://H:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Arcsoft Web Uploader - http://www.hpphoto.com/downloads/ReadFileApplet.cab
O16 - DPF: {00000000-5555-0704-0B53-2C8830E9FAEC} - http://install.questnet.de/soft/ieloader.cab
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc/opuc.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB

H@ns · 28 jun 2004

Re: SW10 / FirstEnter

Geplaatst door Coen111
Ha Pieter,

Probleem:
Startpagina SW10 / FirstEnter niet te verwijderen. Lokatie H:\Program Files\FirstEnter\Portal\portal.html

Zowel AdAware als Spybot gerund en problemen laten oplossen.

Als je me kan helpen, graag.
Groet,

Coen[/url]

Je hebt nog aardig wat andere **** op je PC staan... draai eens SpySweeper en post een nieuw log

BOM · 28 jun 2004

CoolWebsearch

Hallo,

Ik ben de niet zo trotse bezitter van een ongewenste startpagina. Heb gescand met Ad-aware, Spy-bot, WinPatrol, SpySweeper en Hijack This, maar geen resultaat. Daarom hier de HJ log:

Logfile of HijackThis v1.97.7
Scan saved at 13:27:02, on 28-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WINPAT~1.EXE
C:\Documents and Settings\Willem\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Willem\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Willem\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Willem\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Willem\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Willem\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Willem\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {D3E25645-4F48-421B-8194-CE0F5FB87A59} - C:\WINDOWS\System32\hbiddn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Run DAP (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38164.2736226852
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/Flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A91E128-A095-4420-9798-364DA1494C47}: NameServer = 212.142.28.130,212.142.28.66

Bij voorbaat dank voor de hulp!

arcokolken · 28 jun 2004

Ik heb ook last van de startpagina die zijn eigen leven leid zoals bovenstaande post. Kun je me helpen met deze logfile? Alvast bedankt

Logfile of HijackThis v1.97.7
Scan saved at 14:11:20, on 27-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Arco\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kolken\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kolken\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kolken\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kolken\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kolken\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kolken\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {94F4A445-63C0-4C70-A457-A0FFCCB6900F} - C:\WINDOWS\System32\ifmafg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\nl\msntb.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...ector/swdir.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downl...922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab

gekky29 · 28 jun 2004

hier een logje welke dingen kunnen eruit

Logfile of HijackThis v1.97.7
Scan saved at 20:01:28, on 28-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Canon\MultiPASS4\MPTBox.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\gekky29\Bureaublad\Extra`s\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/?from=start.home.nl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

puppie · 28 jun 2004

Hoi.

Als ik op dit moment een item open op de helpmij site dan gaat op de achtergrond een extra website open. Het is niet steeds dezelfde.

Ik heb net gescand met spybot en deze heeft 19 problemen opgelost.
Ik hoor/lees het wel als er iets niet klopt.

Logfile of HijackThis v1.97.7
Scan saved at 20:25:12, on 28-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Norman\Nvc\BIN\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\r_server.exe
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Administrator\Application Data\esrt.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\WINDOWS\System32\NDrv.exe
C:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.home.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Handy Backup 4.0] "C:\Program Files\Novosoft\Handy Backup\hbagent.exe" -logon
O4 - HKCU\..\Run: [Elmp] C:\Documents and Settings\Administrator\Application Data\esrt.exe
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
O4 - HKLM\..\RunOnce: [wu] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wu.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Onderzoek (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab

dicks · 28 jun 2004

wil je voor me kijken wat er niet goed is a.u.b.

Logfile of HijackThis v1.97.7
Scan saved at 20:59:39, on 28-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\mfcsn.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\apiey32.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program Files\Overnet\overnet.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Slimmen\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uejjl.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://uejjl.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search200.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://uejjl.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search200.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uejjl.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://uejjl.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\uejjl.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {0A644696-8F0D-3061-6A0B-EB8E60093173} - C:\WINDOWS\system32\javaov32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [apiey32.exe] C:\WINDOWS\apiey32.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKLM\..\RunOnce: [mfcsn.exe] C:\WINDOWS\mfcsn.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/lang/neutral/SysVerChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38047.2958217593
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - http://pointa.autodesk.com/portal/lang/enu/InstBanr.Ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

Pieter Arntz · 28 jun 2004

Re: Ik ben blijkbaar niet alleen : about:blank

Geplaatst door phal

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Philip\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Philip\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Philip\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Philip\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Philip\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Philip\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {710D06B9-C6A5-49B1-A52F-EF74BF32E70B} - C:\WINNT\system32\obinob.dll

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07fffc7e94dbc0da6405/netzip/RdxIE601.cab

Hoi Phal,

Vink dan de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Lees dan hier verder: http://www.helpmij.nl/forum/showthread.php?threadid=168347

Groetjes,

Pieter

fener33 · 28 jun 2004

ik heb gescand mety ad-aware maar mijn pc is extreem sloom ik heb een windows xp met 512 geheugen en 1,6 proccesor

en ik vroeg me ook af of jullie konden zeggen wat ik moet doen om ehm sneller te maken + plus onnodige opstart dingen te verwijderen
alvast bedankt fener33:thumb:

Logfile of HijackThis v1.97.7
Scan saved at 21:03:02, on 28-6-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\BIN\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\rsvp.exe
C:\Program Files\LimeWire\jre\bin\javaw.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\unzipped\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://svcs.microsoft.com/svcs/mms/...LCID=0413&BrandID=WindowsMessenger&Country=00
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\nl\msntb.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1088345152499
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
O16 - DPF: {8D023D6D-5494-459E-A163-BD0A5DFADDE1} (YMSC Class) - http://download.yahoo.com/dl/toolbar/modules/ymsc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game11.zylom.wanadoo.nl/activex/zylomloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab

Pieter Arntz · 28 jun 2004

Geplaatst door H@NsiePanzzzer
Pieter, als jij er bijv. niet bent en er is iemand hier met dat fijne Temp/sp probleem, mag ik hem dan alvast naar het welbekende topic verwijzen of moet je hem eerst die betreffende entries laten verwijderen?

Hans,

Als jij de rode draad ziet vind ik het prima.
Ik geef altijd wel even aan welke gefixed zouden moeten worden.
Als je het niet zeker weet vraag dan gewoon of ze nog een nieuw log willen plaatsen als ze klaar zijn met het verwijderen van CWS.
Dan kunnen we dan altijd nog kijken of er nog meer aan de hand is.

Groetjes,

Pieter

Pieter Arntz · 28 jun 2004

Geplaatst door Wim1960

Bedankt Pieter,
Ik heb direct gekeken naar de map bb32, die was helemaal leeg voor ik hijack draaide. Dat is raar, want gisteren stond het bestand er echt in. Ik heb het met hijack verwijderd zoals je hebt aangegeven. Ik houd het wel even in de gaten. Ik heb dus niets te zippen. Ik za de map bb32 maar weggoien.

Het enige waar windows nu nog de naam vind is in het volgende bestand G;\Windows\Prefetch\FMSFFSRV.EXE-047706FF.pf. Kan dat nog kwaad?

Prefetch bestanden alleen kunnen geen kwaad, maar het is goed om af en to die map leeg te gooien of in ieder geval uit te mesten:
http://www.tweakxp.com/tweak525.aspx

Groetjes,

Pieter

Clit13 · 28 jun 2004

En ik maar wachten en wachten, en iedereen posten en posten....
Blijkt dat ik al lang door Pieter ben geholpen!

Dave, schaam je!

Pieter, bedankt, ik zal je tips direct uitvoeren.

groet,
Dave.

Pieter Arntz · 28 jun 2004

Geplaatst door Muisje74

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mysearchnow.com

O2 - BHO: (no name) - {748475FF-5CF8-3B93-0F1D-811AAEC5382B} - C:\PROGRA~1\WEBCAK~1\pollsoftware.dll

O4 - HKLM\..\Run: [Active wma] C:\PROGRA~1\show dale\DupeAboutDownload.exe

Hoi Muisje74,

Vink de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Start daarna opnieuw op in veilige modus en verwijder:
C:\PROGRAM FILES\show dale <= de hele map
C:\PROGRAM FILES\WEBCAK~1 <= de hele map met het bestand pollsoftware.dll er in

Groetjes,

Pieter

H@ns · 28 jun 2004

Geplaatst door Pieter Arntz

Hans,

Als jij de rode draad ziet vind ik het prima.
Ik geef altijd wel even aan welke gefixed zouden moeten worden.
Als je het niet zeker weet vraag dan gewoon of ze nog een nieuw log willen plaatsen als ze klaar zijn met het verwijderen van CWS.
Dan kunnen we dan altijd nog kijken of er nog meer aan de hand is.

Groetjes,

Pieter

Oke, ik zie inderdaad de rode draad wel

Ik zal de entries aangeven waarvan ik zeker weet dat ze weg mogen en hun verwijzen naar hét topic :thumb:

Pieter Arntz · 28 jun 2004

Re: SW10 / FirstEnter

Geplaatst door Coen111

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///H:/Program%20Files/FirstEnter/Portal/portal.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///H:/Program%20Files/FirstEnter/Portal/portal.html

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [UpdReg] H:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [DXM6Patch_981116] H:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [CLSID] H:\WINDOWS\System32\dll.exe

O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB

Hoi Coen111,

Voor je begint wil ik je aanraden om HijackThis naar een aparte map uit te pakken. Het programma maakt backups in de map waar het staat en
zoals jij het nu draait (uit de zipmap) gaat dat niet.

Vink dan de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Start daarna opnieuw op in veilige modus en verwijder:
H:\WINDOWS\System32\dll.exe
H:\Program Files\FirstEnter <= de hele map

Groetjes,

Pieter

Pieter Arntz · 28 jun 2004

Re: CoolWebsearch

Geplaatst door BOM

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Willem\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Willem\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Willem\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Willem\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Willem\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Willem\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {D3E25645-4F48-421B-8194-CE0F5FB87A59} - C:\WINDOWS\System32\hbiddn.dll

Hoi BOM,

Vink de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Lees dan hier verder: http://www.helpmij.nl/forum/showthread.php?threadid=168347

Groetjes,

Pieter

Pieter Arntz · 28 jun 2004

Geplaatst door arcokolken

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kolken\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kolken\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kolken\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kolken\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kolken\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kolken\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank

O2 - BHO: (no name) - {94F4A445-63C0-4C70-A457-A0FFCCB6900F} - C:\WINDOWS\System32\ifmafg.dll

Hoi arcokolken,

Vink de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Lees dan hier verder: http://www.helpmij.nl/forum/showthread.php?threadid=168347

Groetjes,

Pieter

Pieter Arntz · 28 jun 2004

Geplaatst door gekky29

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe ***

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ***

Hoi gekky29,

*** zijn volgens mij overbodig.

Groetjes,

Pieter

Pieter Arntz · 28 jun 2004

Geplaatst door puppie

O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll

O4 - HKCU\..\Run: [Elmp] C:\Documents and Settings\Administrator\Application Data\esrt.exe
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
O4 - HKLM\..\RunOnce: [wu] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wu.exe

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

Hoi puppie,

Vink de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Start daarna opnieuw op in veilige modus en verwijder:
C:\Documents and Settings\Administrator\Application Data\esrt.exe
C:\WINDOWS\System32\NDrv.exe

Gebruik daarna (nog steeds in veilige modus) Schijfopruiming om al je Temp mappen leeg te maken.

Groetjes,

Pieter

Helpmij tegen spyware offensief (deel 5)

Gebruiker

Gebruiker

Terugkerende gebruiker

Nieuwe gebruiker

Gebruiker

Terugkerende gebruiker

Supermoderator

Gebruiker

Spywareslayer

Gebruiker

Spywareslayer

Spywareslayer

Terugkerende gebruiker

Spywareslayer

Terugkerende gebruiker

Spywareslayer

Spywareslayer

Spywareslayer

Spywareslayer

Spywareslayer

Wij waarderen jouw privacy