Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Startnow is geen CWS maar ShopNav
Groetjes,
Pieter
Helpmij tegen spyware offensief (deel 5)
- Onderwerp starter m@rio
- Startdatum
- Status
Startnow is geen CWS maar ShopNav
Groetjes,
Pieter
nazicht
Hallo allemaal.
Willen jullie dit voor mij even bekijken en laten weten wat ik dan moet doen.
Gescand met Ad aware 6.181
kijken jullie ook even naar de startup items en verwijder dan alles wat er teveel opstaat a.u.b
Logfile of HijackThis v1.98.0
Scan saved at 1:03:40 PM, on 7/2/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: Norton AntiVirus 2004 Professional.lnk = C:\Program Files\Common Files\Symantec Shared\NMain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_BE.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
Hallo allemaal.
Willen jullie dit voor mij even bekijken en laten weten wat ik dan moet doen.
Gescand met Ad aware 6.181
kijken jullie ook even naar de startup items en verwijder dan alles wat er teveel opstaat a.u.b
Logfile of HijackThis v1.98.0
Scan saved at 1:03:40 PM, on 7/2/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: Norton AntiVirus 2004 Professional.lnk = C:\Program Files\Common Files\Symantec Shared\NMain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_BE.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
Pieter,
grote stroomstoring gisteren in mijn durp!
hier komt mijn log:
Logfile of HijackThis v1.98.0
Scan saved at 13:13:49, on 2-7-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\appfo32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\riauapdk.exe
C:\Program Files\WindowsSA\omniscient.exe
C:\WINDOWS\system32\ntcv.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\Bind32Build\Test regs.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\program files\altnet\points manager\points manager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\services.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Documents and Settings\Willem\Bureaublad\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xszta.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://xszta.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://xszta.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xszta.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xszta.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://xszta.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F25C11A7-4B1F-5738-A16E-7A1B2A977B88} - C:\WINDOWS\system32\apppx32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TaskMon] C:\WINDOWS\System32\taskmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Mario\Bureaublad\overig\MsgPlus.exe"
O4 - HKLM\..\Run: [jkizkxajm] C:\WINDOWS\System32\riauapdk.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [ntcv.exe] C:\WINDOWS\system32\ntcv.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\bridge.dll",Load
O4 - HKLM\..\Run: [meow knob] C:\PROGRA~1\Bind32Build\Test regs.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4104.exe"
O4 - HKLM\..\RunOnce: [appfo32.exe] C:\WINDOWS\appfo32.exe
O4 - HKLM\..\RunOnce: [sdknt.exe] C:\WINDOWS\sdknt.exe
O4 - HKLM\..\RunOnce: [atltn32.exe] C:\WINDOWS\atltn32.exe
O4 - HKLM\..\RunOnce: [addcm32.exe] C:\WINDOWS\addcm32.exe
O4 - HKLM\..\RunOnce: [netdp32.exe] C:\WINDOWS\netdp32.exe
O4 - HKLM\..\RunOnce: [appbc32.exe] C:\WINDOWS\system32\appbc32.exe
O4 - HKLM\..\RunOnce: [iewb32.exe] C:\WINDOWS\system32\iewb32.exe
O4 - HKLM\..\RunOnce: [apirp32.exe] C:\WINDOWS\system32\apirp32.exe
O4 - HKLM\..\RunOnce: [mfcck.exe] C:\WINDOWS\mfcck.exe
O4 - HKLM\..\RunOnce: [ntuv.exe] C:\WINDOWS\system32\ntuv.exe
O4 - HKLM\..\RunOnce: [addng32.exe] C:\WINDOWS\addng32.exe
O4 - HKLM\..\RunOnce: [javarq.exe] C:\WINDOWS\javarq.exe
O4 - HKLM\..\RunOnce: [ntfj32.exe] C:\WINDOWS\ntfj32.exe
O4 - HKLM\..\RunOnce: [d3nb.exe] C:\WINDOWS\system32\d3nb.exe
O4 - HKLM\..\RunOnce: [syszy32.exe] C:\WINDOWS\syszy32.exe
O4 - HKLM\..\RunOnce: [iput32.exe] C:\WINDOWS\system32\iput32.exe
O4 - HKLM\..\RunOnce: [atltu32.exe] C:\WINDOWS\system32\atltu32.exe
O4 - HKLM\..\RunOnce: [ipab.exe] C:\WINDOWS\ipab.exe
O4 - HKLM\..\RunOnce: [netlu32.exe] C:\WINDOWS\netlu32.exe
O4 - HKLM\..\RunOnce: [sdkzu32.exe] C:\WINDOWS\system32\sdkzu32.exe
O4 - HKLM\..\RunOnce: [d3sf.exe] C:\WINDOWS\d3sf.exe
O4 - HKLM\..\RunOnce: [winux.exe] C:\WINDOWS\winux.exe
O4 - HKLM\..\RunOnce: [addwb.exe] C:\WINDOWS\addwb.exe
O4 - HKLM\..\RunOnce: [winvj.exe] C:\WINDOWS\winvj.exe
O4 - HKLM\..\RunOnce: [javazh32.exe] C:\WINDOWS\system32\javazh32.exe
O4 - HKLM\..\RunOnce: [javaie32.exe] C:\WINDOWS\javaie32.exe
O4 - HKLM\..\RunOnce: [windj.exe] C:\WINDOWS\system32\windj.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [services.exe] "C:\WINDOWS\services.exe"
O4 - HKCU\..\RunOnce: [Demo.exe] "C:\Program Files\ABEX\Demo\Demo.exe"
O4 - Startup: Demo.lnk = C:\Program Files\ABEX\Demo\Demo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll
Groet Guillermo
H@ns
Terugkerende gebruiker
- Lid geworden
- 22 dec 2003
- Berichten
- 4.824
Re: nazicht
Hoi winger,
Allereerst wil ik je aanraden HijackTHis in een eigen map te zetten, en niet in de Temp mappen. HijackThis maakt namelijk backups in de map waaruit hij opgestart wordt, en dat is in jouw geval de Temp map. Raken ze te gemakkelijk kwijt
*** = onnodig
Vink bovenstaande aan in HijackThis, sluit alle vensters behalve HijackTHis en klik op Fix Checked.
Download en run CWShredder
Start hierna opnieuw op in veilige modus, en verwijder:
C:\Program Files\MyWay << deze map
Post hierna nog even een nieuw logje ter controle
Hoi winger,
Allereerst wil ik je aanraden HijackTHis in een eigen map te zetten, en niet in de Temp mappen. HijackThis maakt namelijk backups in de map waaruit hij opgestart wordt, en dat is in jouw geval de Temp map. Raken ze te gemakkelijk kwijt
*** = onnodig
Vink bovenstaande aan in HijackThis, sluit alle vensters behalve HijackTHis en klik op Fix Checked.
Download en run CWShredder
Start hierna opnieuw op in veilige modus, en verwijder:
C:\Program Files\MyWay << deze map
Post hierna nog even een nieuw logje ter controle
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Re: nazicht
Hoi Winger,
Vink de bovenstaande aan in HijackThis, sluit alle vensters behalve HijackThis en klik op Fix checked.
Start dan opnieuw op in veilige modus en verwijder:
C:\Program Files\MyWay <= de hele map
Groetjes,
Pieter
Hoi Winger,
Vink de bovenstaande aan in HijackThis, sluit alle vensters behalve HijackThis en klik op Fix checked.
Start dan opnieuw op in veilige modus en verwijder:
C:\Program Files\MyWay <= de hele map
Groetjes,
Pieter
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Hans,
Niet die extra buttons laten verwijderen in HijackThis 1.98.0
Dat het daar no file aangeeft is één van de bugs.
Groetjes,
Pieter
Niet die extra buttons laten verwijderen in HijackThis 1.98.0
Dat het daar no file aangeeft is één van de bugs.
Groetjes,
Pieter
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Vink de bovenstaande aan in HijackThis, sluit alle vensters behalve HijackThis en klik op Fix checked.
Start dan opnieuw op in veilige modus en verwijder:
C:\Program Files\WindowsSA <= de hele map
C:\Program Files\Bind32Build <= de hele map
Post maar een nieuw log als je daarmee klaar bent. Dan kijken we dan wel weer verder.
Groetjes,
Pieter
H@ns
Terugkerende gebruiker
- Lid geworden
- 22 dec 2003
- Berichten
- 4.824
Het schijnt alleen maar erger te worden
Sluit je echt alle vensters als je bovenstaande fixt?Tips:
1) Gooi Kazaa onmiddelijk van je PC
2) Gebruik nooit meer Kazaa
3) doe precies wat je zometeen gezegd wordt
Vink alle bovenstaande aan in HijackTHis , sluit alle vensters behalve HijackThis en klik op Fix Checked.
Draai hierna CWShredder, door de Fix knop te gebruiken en de aanwijzingen van het programma goed volgen
Ga hierna direct naar je Internet Explorer, Extra - INternet Opties en klik daar op "Bestanden verwijderen" (ook offline) en op "Cookies Verwijderen"
Start hierna meteen opnieuw op in veilige modus en verwijder:
C:\WINDOWS\Downloaded Program Files\CONFLICT.1 << deze map
C:\PROGRAM FILES\Bind32Build << deze map
C:\WINDOWS\System32\P2P Networking << deze map
C:\program files\altnet << deze map
H@ns
Terugkerende gebruiker
- Lid geworden
- 22 dec 2003
- Berichten
- 4.824
Alles wat in zijn Quote staat, dus:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xszta.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://xszta.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://xszta.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xszta.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xszta.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://xszta.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {F25C11A7-4B1F-5738-A16E-7A1B2A977B88} - C:\WINDOWS\system32\apppx32.dll
O4 - HKLM\..\Run: [jkizkxajm] C:\WINDOWS\System32\riauapdk.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [ntcv.exe] C:\WINDOWS\system32\ntcv.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\bridge.dll",Load
O4 - HKLM\..\Run: [meow knob] C:\PROGRA~1\Bind32Build\Test regs.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4104.exe"
O4 - HKLM\..\RunOnce: [appfo32.exe] C:\WINDOWS\appfo32.exe
O4 - HKLM\..\RunOnce: [sdknt.exe] C:\WINDOWS\sdknt.exe
O4 - HKLM\..\RunOnce: [atltn32.exe] C:\WINDOWS\atltn32.exe
O4 - HKLM\..\RunOnce: [addcm32.exe] C:\WINDOWS\addcm32.exe
O4 - HKLM\..\RunOnce: [netdp32.exe] C:\WINDOWS\netdp32.exe
O4 - HKLM\..\RunOnce: [appbc32.exe] C:\WINDOWS\system32\appbc32.exe
O4 - HKLM\..\RunOnce: [iewb32.exe] C:\WINDOWS\system32\iewb32.exe
O4 - HKLM\..\RunOnce: [apirp32.exe] C:\WINDOWS\system32\apirp32.exe
O4 - HKLM\..\RunOnce: [mfcck.exe] C:\WINDOWS\mfcck.exe
O4 - HKLM\..\RunOnce: [ntuv.exe] C:\WINDOWS\system32\ntuv.exe
O4 - HKLM\..\RunOnce: [addng32.exe] C:\WINDOWS\addng32.exe
O4 - HKLM\..\RunOnce: [javarq.exe] C:\WINDOWS\javarq.exe
O4 - HKLM\..\RunOnce: [ntfj32.exe] C:\WINDOWS\ntfj32.exe
O4 - HKLM\..\RunOnce: [d3nb.exe] C:\WINDOWS\system32\d3nb.exe
O4 - HKLM\..\RunOnce: [syszy32.exe] C:\WINDOWS\syszy32.exe
O4 - HKLM\..\RunOnce: [iput32.exe] C:\WINDOWS\system32\iput32.exe
O4 - HKLM\..\RunOnce: [atltu32.exe] C:\WINDOWS\system32\atltu32.exe
O4 - HKLM\..\RunOnce: [ipab.exe] C:\WINDOWS\ipab.exe
O4 - HKLM\..\RunOnce: [netlu32.exe] C:\WINDOWS\netlu32.exe
O4 - HKLM\..\RunOnce: [sdkzu32.exe] C:\WINDOWS\system32\sdkzu32.exe
O4 - HKLM\..\RunOnce: [d3sf.exe] C:\WINDOWS\d3sf.exe
O4 - HKLM\..\RunOnce: [winux.exe] C:\WINDOWS\winux.exe
O4 - HKLM\..\RunOnce: [addwb.exe] C:\WINDOWS\addwb.exe
O4 - HKLM\..\RunOnce: [winvj.exe] C:\WINDOWS\winvj.exe
O4 - HKLM\..\RunOnce: [javazh32.exe] C:\WINDOWS\system32\javazh32.exe
O4 - HKLM\..\RunOnce: [javaie32.exe] C:\WINDOWS\javaie32.exe
O4 - HKLM\..\RunOnce: [windj.exe] C:\WINDOWS\system32\windj.exe
O4 - HKCU\..\Run: [services.exe] "C:\WINDOWS\services.exe"
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.6.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - http://static.flingstone.com/cab/20...TInc/bridge.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll
Neem er de tijd voor, en vink ze rustig, 1 voor 1 aan. Klik daarna met een brede grijns op "Fix Checked"
Laatst bewerkt:
Ruud Wiggers
Hoi Hans/Pieter
ik hoop dat jullie mij kunnen helpen. Deze log is van een zeeer trage pc. Ik baal nu, please help me.
Logfile of HijackThis v1.97.7
Scan saved at 14:05:16, on 2-7-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS2\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = http://www.microsoft.com/msoffice/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-717765721306} - C:\WINDOWS\SYSTEM\WER1306.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTRAY.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\DEFWATCH.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\RTVSCN95.EXE
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\WINDOWS\TASKMON.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
Hoi Hans/Pieter
ik hoop dat jullie mij kunnen helpen. Deze log is van een zeeer trage pc. Ik baal nu, please help me.
Logfile of HijackThis v1.97.7
Scan saved at 14:05:16, on 2-7-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS2\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = http://www.microsoft.com/msoffice/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-717765721306} - C:\WINDOWS\SYSTEM\WER1306.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTRAY.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\DEFWATCH.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\RTVSCN95.EXE
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\WINDOWS\TASKMON.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
Dank je Pieter, ik zal het allemaal doorgeven, en een nieuw logje plaatsen als we klaar zijn. Echter je verwijst naar CWShredder, ik heb gelezen dat dit programmaatje door de auteur is teruggetrokken uit het publieke domein. De gegeven link en andere download links werken dan ook niet meer, misschien een idee om een exemplaar op jullie site te plaatsen?
Pieter,
hopelijk alles goed gedaan nu...hier volgt het log
Logfile of HijackThis v1.98.0
Scan saved at 14:24:01, on 2-7-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ati2sgag.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\appfo32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ntcv.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Willem\Bureaublad\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ljlji.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ljlji.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ljlji.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ljlji.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ljlji.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ljlji.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14913C42-FA8E-DBBC-21EA-6EB6CA2408BD} - C:\WINDOWS\sdkrd32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TaskMon] C:\WINDOWS\System32\taskmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Mario\Bureaublad\overig\MsgPlus.exe"
O4 - HKLM\..\Run: [ntcv.exe] C:\WINDOWS\system32\ntcv.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Demo.exe] "C:\Program Files\ABEX\Demo\Demo.exe"
O4 - Startup: Demo.lnk = C:\Program Files\ABEX\Demo\Demo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll
Re: Re: Log van coolwebsearch pop-ups probleem
Hoi Hans,
Ik heb per ongeluk twee replies geplaatst in het verkeerde venstertje, ze staan nu dus bij bovenstaand topic. Ik heb ook een werkende link geplaatst naar CWShredder, want majorgeeks, merijn, etc, waren gisteren ook al dood.
Geplaatst door H@NsiePanzzzer
Hoi itsme2,
Vink bovenstaande aan in HijackThis, sluit alle vensters behalve HijackThis en klik op Fix Checked.
Draai hierna CWShredder door de Fix knop te gebruiken en de aanwijzingen van het programma te volgen
Start hierna opnieuw op in veilige modus, en verwijder:
C:\WINDOWS\System32\plugin.exe << deze file
Is dit allemaal achter de rug, lees dan dit topic door.
Plaats hierna een nieuw logje
Hoi Hans,
Ik heb per ongeluk twee replies geplaatst in het verkeerde venstertje, ze staan nu dus bij bovenstaand topic. Ik heb ook een werkende link geplaatst naar CWShredder, want majorgeeks, merijn, etc, waren gisteren ook al dood.
H@ns
Terugkerende gebruiker
- Lid geworden
- 22 dec 2003
- Berichten
- 4.824
ziet er alweer een stuk beter uit.
Vink bovenstaande (die dus tussen die strepen staan en vetgedrukt zijn) aan in hijackThis, sluit alle vensters behalve HijackThis en klik op Fix Checked.
Download en run hierna CWShredder
Start nu opnieuw op in veilige modus (!) en verwijder:
C:\WINDOWS\System32\P2P Networking << deze map
C:\Program Files\ABEX << deze map
C:\WINDOWS\system32\ntcv.exe << dit bestand
Volg de instructies op die hier staan:
http://www.helpmij.nl/forum/showthread.php?threadid=167599 (belangrijk!)
Plaats hierna een nieuw log.
Laatst bewerkt:
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
FOUT!! Het is deze variant: http://www.helpmij.nl/forum/showthread.php?threadid=167599
Groetjes,
Pieter
- Status
