Helpmij tegen spyware offensief (deel 5)
- Onderwerp starter m@rio
- Startdatum
- Status
VolgensBartjes
Gebruiker
- Lid geworden
- 31 mei 2004
- Berichten
- 211
Re: Re: mijn log file, k heb alle dingen gedaan uit de uitleg.
van het onderste rijtje heb k de mappen ff nagekeken, en alles mag idd weg, maar msgplus.exe (msn plus) hou ik toch liever, kan dit kwaad? zo ja, wat? de rest zal k uitvoeren. en hoe kom ik in de veilige modus? (het enigste wat ik zou weten is je comp ver*****n en dattie automatisch r in komt
) alvast bedankt,
groeten, Bart
van het onderste rijtje heb k de mappen ff nagekeken, en alles mag idd weg, maar msgplus.exe (msn plus) hou ik toch liever, kan dit kwaad? zo ja, wat? de rest zal k uitvoeren. en hoe kom ik in de veilige modus? (het enigste wat ik zou weten is je comp ver*****n en dattie automatisch r in komt
) alvast bedankt,groeten, Bart
H@ns
Terugkerende gebruiker
- Lid geworden
- 22 dec 2003
- Berichten
- 4.824
Geefjemening.tk,
als je MSN+ MET sponsors hebt geinstalleerd zou ik het zo gauw mogelijk verwijderen, een nieuw logje op het forum plaatsen, alles verwijderen wat er verwijderd mag worden, en daarna MSN PLus ZONDER sponsors installeren. Kijk uit, in het laatste schermpje voor de installatie lijkt het net alsof je iets MOET accepteren, dit hoeft niet, je moet iets aanvinken zoals "Ik accepteer dit niet"
als je MSN+ MET sponsors hebt geinstalleerd zou ik het zo gauw mogelijk verwijderen, een nieuw logje op het forum plaatsen, alles verwijderen wat er verwijderd mag worden, en daarna MSN PLus ZONDER sponsors installeren. Kijk uit, in het laatste schermpje voor de installatie lijkt het net alsof je iets MOET accepteren, dit hoeft niet, je moet iets aanvinken zoals "Ik accepteer dit niet"
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Re: Re: Re: mijn log file, k heb alle dingen gedaan uit de uitleg.
De echte msgplus.exe staat hier:
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
Degene die ik aangaf is een dialer.
Groetjes,
Pieter
Geplaatst door geefjemening.tk
van het onderste rijtje heb k de mappen ff nagekeken, en alles mag idd weg, maar msgplus.exe (msn plus) hou ik toch liever, kan dit kwaad? zo ja, wat? de rest zal k uitvoeren. en hoe kom ik in de veilige modus? (het enigste wat ik zou weten is je comp ver*****n en dattie automatisch r in komt
groeten, Bart
De echte msgplus.exe staat hier:
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
Degene die ik aangaf is een dialer.
Groetjes,
Pieter
VolgensBartjes
Gebruiker
- Lid geworden
- 31 mei 2004
- Berichten
- 211
maar nu k msn plus 2 heb moek m dus nie verwijdere?Geplaatst door H@NsiePanzzzer
Oh ik zie dat je nog MSN Plus 2 hebt, hier werkt het weer anders. In MSN Plus! 3 werkt het wel zoals ik in mijn vorige post zei
VolgensBartjes
Gebruiker
- Lid geworden
- 31 mei 2004
- Berichten
- 211
ik heb btw zonder reclame
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Re: Re: Re: Re: mijn log file, k heb alle dingen gedaan uit de uitleg.
Kijk nou effe.
Geplaatst door Pieter Arntz
De echte msgplus.exe staat hier:
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
Degene die ik aangaf is een dialer.
Groetjes,
Pieter
Kijk nou effe.
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Dus het komt gewoon net zo hard weer terug.
Aantal vraagjes:
- Kun je Windows en IE updaten?
- Gebruik je SpywareBlaster?
- Wanneer wordt je weer gehijacked?
(Is dat als je opnieuw opstart of als je IE opent of als je verbinding maakt met internet?)
Groetjes,
Pieter
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Re: bedankt
Hoi RubberDuckie,
Als je verborgen bestanden en mappen zichtbaar maakt kun je de Local Settings map zien en het bestand er zelf uit mikken. Let wel op, meestal doet iets anders het dan ook niet meer.
Groetjes,
Pieter
Hoi RubberDuckie,
Als je verborgen bestanden en mappen zichtbaar maakt kun je de Local Settings map zien en het bestand er zelf uit mikken. Let wel op, meestal doet iets anders het dan ook niet meer.
Groetjes,
Pieter
VolgensBartjes
Gebruiker
- Lid geworden
- 31 mei 2004
- Berichten
- 211
jah, sorry, k hed ff nie dor dat r 2 tegelijk waren, maar hoe kom k in de veilige modus?
groetjes, Bart
groetjes, Bart
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Unzip hijackthis.exe eerst naar een aparte map. Het programma maakt backups in de map waar de .exe zich bevindt. In een Temp map verdwijnen die nogal gemakkelijk.
Vink dan de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.
Start daarna opnieuw op in veilige modus enverwijder:
C:\PROGRAM FILES\32AUDI~1 <= de hele map met het bestand PARTEQ.dll erin
C:\PROGRAM FILES\JUNKME~1 <= de hele map met het bestand BOLTANTIGREAT.exe erin
Groetjes,
Pieter
VolgensBartjes
Gebruiker
- Lid geworden
- 31 mei 2004
- Berichten
- 211
laatste tjek
kun je nog ff een laatste check doen bij dit log? (me iritante dinge zijn weg, maar misschien zie je nog wat staan wat r niet thuishoort) :
Logfile of HijackThis v1.97.7
Scan saved at 18:00:54, on 1-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
F:\Program Files\Messenger Plus! 2\MsgPlus.exe
D:\WINDOWS\System32\ctfmon.exe
F:\Program Files\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MessengerPlus2] "F:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [CLSID] D:\WINDOWS\System32\msgplus.exe
O4 - HKLM\..\Run: [eggs cash] D:\PROGRA~1\IDOLMU~1\frag clock.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1076542618982
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
alvast bedankt!!
groeten, Bart.
kun je nog ff een laatste check doen bij dit log? (me iritante dinge zijn weg, maar misschien zie je nog wat staan wat r niet thuishoort) :
Logfile of HijackThis v1.97.7
Scan saved at 18:00:54, on 1-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
F:\Program Files\Messenger Plus! 2\MsgPlus.exe
D:\WINDOWS\System32\ctfmon.exe
F:\Program Files\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MessengerPlus2] "F:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [CLSID] D:\WINDOWS\System32\msgplus.exe
O4 - HKLM\..\Run: [eggs cash] D:\PROGRA~1\IDOLMU~1\frag clock.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1076542618982
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
alvast bedankt!!
groeten, Bart.
Jeroen Kampioen
Gebruiker
- Lid geworden
- 24 feb 2003
- Berichten
- 121
Spyware-experts,
ik postte enkele dagen geleden een bericht waaruit jullie constateerden dat ik het zogenaamde BugBear-virus op mijn computer had staan. Ik heb nu die online virusscanner gebruikt, en deze geeft aan dat er inderdaad nog wat op staat na alle handelingen die ik heb gedaan. Ze kunnen echter niet gecleaned of verwijderd worden. De Fix-tool van Symantic voor BugBear gaf net echter aan dat ik geen BugBear-virus io m'n computer heb!?!?
Help me uit de brand! Bijgaand een nieuwe recente log.
Logfile of HijackThis v1.97.7
Scan saved at 18:08:22, on 1-6-2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\LOADQM.EXE
C:\SCANJET\PRECISIONSCANLT\HPPWRSAV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\KAZAA LITE K++\KAZAA.KPP
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HI-JACK THIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nu.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://subscriber.chello.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door chello broadband n.v.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ams.chello.nl:8080
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Onlinedirect/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [KAZAA] "C:\PROGRAM FILES\KAZAA LITE K++\KPP.EXE" "C:\PROGRAM FILES\KAZAA LITE K++\KAZAA.KPP" /SYSTRAY
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CLSID] C:\WINDOWS\SYSTEM\MSGPLUS.EXE
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msgked.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://subscriber.chello.nl
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
ik postte enkele dagen geleden een bericht waaruit jullie constateerden dat ik het zogenaamde BugBear-virus op mijn computer had staan. Ik heb nu die online virusscanner gebruikt, en deze geeft aan dat er inderdaad nog wat op staat na alle handelingen die ik heb gedaan. Ze kunnen echter niet gecleaned of verwijderd worden. De Fix-tool van Symantic voor BugBear gaf net echter aan dat ik geen BugBear-virus io m'n computer heb!?!?
Help me uit de brand! Bijgaand een nieuwe recente log.
Logfile of HijackThis v1.97.7
Scan saved at 18:08:22, on 1-6-2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\LOADQM.EXE
C:\SCANJET\PRECISIONSCANLT\HPPWRSAV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\KAZAA LITE K++\KAZAA.KPP
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HI-JACK THIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nu.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://subscriber.chello.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door chello broadband n.v.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ams.chello.nl:8080
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Onlinedirect/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [KAZAA] "C:\PROGRAM FILES\KAZAA LITE K++\KPP.EXE" "C:\PROGRAM FILES\KAZAA LITE K++\KAZAA.KPP" /SYSTRAY
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CLSID] C:\WINDOWS\SYSTEM\MSGPLUS.EXE
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msgked.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://subscriber.chello.nl
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
Ja het blijft idd terug komen echt een hardnekkig ding
Ja ik kan windows updaten en IE updaten zonder probleem heb ik eergisteren nog gedaan maar dat heeft niks uitgemaakt.
SpywareBlaster nee dat gebruik ik niet.
Vanaf ik opnieuw opstart is het er gewoon of ik nu verbinding heb met internet of niet. Alleen in veilige modus is ie er niet.
moniekpriems
Gebruiker
- Lid geworden
- 21 mei 2004
- Berichten
- 7
slecht afsluiten computer
hallo H@nsie panzzzer
waarom ik mijn berichtje hier plaats? ik wou reageren op mijn bericht in deel 4 maar dat was gesloten.
hier nog maals mijn hijack log
gescand met adware 6
Logfile of HijackThis v1.97.7
Scan saved at 19:05:28, on 1-6-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\MEDIAPAC\VI_GRM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\AGROVISION\IBMS\CMVTAAK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\TWAIN_32\1200 UB\WATCH.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\MONIEK\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zuivel.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zuivel.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.zuivel.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ilse.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer van Het Net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F1 - win.ini: load=C:\MEDIAPAC\vi_grm.exe
F1 - win.ini: run=hpfsched
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [Agrovision taakplanner] C:\PROGRA~1\AGROVI~1\IBMS\CMVTAAK.EXE
O4 - HKLM\..\Run: [RegistryMechanic] C:\PROGRAM FILES\REGISTRY MECHANIC\REGMECH.exe /QS
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\1200 UB\WATCH.exe
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
alvast bedankt, moniek
hallo H@nsie panzzzer
waarom ik mijn berichtje hier plaats? ik wou reageren op mijn bericht in deel 4 maar dat was gesloten.
hier nog maals mijn hijack log
gescand met adware 6
Logfile of HijackThis v1.97.7
Scan saved at 19:05:28, on 1-6-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\MEDIAPAC\VI_GRM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\AGROVISION\IBMS\CMVTAAK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\TWAIN_32\1200 UB\WATCH.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\MONIEK\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zuivel.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zuivel.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.zuivel.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ilse.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer van Het Net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F1 - win.ini: load=C:\MEDIAPAC\vi_grm.exe
F1 - win.ini: run=hpfsched
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [Agrovision taakplanner] C:\PROGRA~1\AGROVI~1\IBMS\CMVTAAK.EXE
O4 - HKLM\..\Run: [RegistryMechanic] C:\PROGRAM FILES\REGISTRY MECHANIC\REGMECH.exe /QS
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\1200 UB\WATCH.exe
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
alvast bedankt, moniek
ongerwenste searchweb balk
Spybot vindt niets maar in de hijack gegevens zie ik een aantal keer searchweb genoemd. Graag advies of ik deze mag verwijderen. alvast bedankt
Logfile of HijackThis v1.97.3
Scan saved at 19:08:19, on 1-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
F:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
F:\WINDOWS\System32\drivers\CDAC11BA.EXE
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Program Files\Executive Software\DiskeeperLite\DKService.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
F:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
F:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
F:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
F:\WINDOWS\system32\winlogon.exe
F:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
F:\Program Files\McAfee\McAfee VirusScan\AvConsol.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
F:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
F:\Program Files\Analog Devices\SoundMAX\SMTray.exe
F:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
F:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
F:\Program Files\Netropa\Onscreen Display\OSD.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINDOWS\System32\P2P Networking\P2P Networking.exe
F:\Program Files\Real\RealPlayer\RealPlay.exe
F:\PROGRA~1\STOPDE~1\4 defy comp.exe
F:\WINDOWS\System32\RUNDLL32.EXE
F:\Program Files\AutoSizer\AutoSizer.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\ANT 4 MailChecking\ant4mc.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\van der Deijl\Local Settings\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchweb2.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {25C0AC31-6387-19BC-38E9-977A7B32CDEB} - F:\PROGRA~1\ACTIVE~1\ErrorTwo.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\Msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Eggsextra - {27221636-4709-95D1-8E86-E61DDF16E93B} - F:\PROGRA~1\ACTIVE~1\ErrorTwo.dll
O4 - HKLM\..\Run: [Alogserv] F:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [Smapp] F:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] F:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pop3Easy] F:\Program Files\AderA Software\POP3 Easy\pop3easy.exe
O4 - HKLM\..\Run: [P2P Networking] F:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [RealTray] F:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Skip64] F:\PROGRA~1\STOPDE~1\4 defy comp.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AutoSizer] "F:\Program Files\AutoSizer\AutoSizer.exe" /h
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "F:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MailCheck] F:\Program Files\PPSOFT.DK\PP_MailCheck\mailck.exe
O4 - Startup: ANT 4 MailChecking.lnk = F:\Program Files\ANT 4 MailChecking\ant4mc.exe
O4 - Startup: LetterBox.lnk = F:\Documents and Settings\van der Deijl\Bureaublad\LetterBox.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37890.2050925926
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF78F393-5D14-4474-9A45-8045FF2243E1}: NameServer = 195.121.1.34 195.121.1.66
Spybot vindt niets maar in de hijack gegevens zie ik een aantal keer searchweb genoemd. Graag advies of ik deze mag verwijderen. alvast bedankt
Logfile of HijackThis v1.97.3
Scan saved at 19:08:19, on 1-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
F:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
F:\WINDOWS\System32\drivers\CDAC11BA.EXE
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Program Files\Executive Software\DiskeeperLite\DKService.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
F:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
F:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
F:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
F:\WINDOWS\system32\winlogon.exe
F:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
F:\Program Files\McAfee\McAfee VirusScan\AvConsol.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
F:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
F:\Program Files\Analog Devices\SoundMAX\SMTray.exe
F:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
F:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
F:\Program Files\Netropa\Onscreen Display\OSD.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINDOWS\System32\P2P Networking\P2P Networking.exe
F:\Program Files\Real\RealPlayer\RealPlay.exe
F:\PROGRA~1\STOPDE~1\4 defy comp.exe
F:\WINDOWS\System32\RUNDLL32.EXE
F:\Program Files\AutoSizer\AutoSizer.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\ANT 4 MailChecking\ant4mc.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\van der Deijl\Local Settings\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchweb2.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {25C0AC31-6387-19BC-38E9-977A7B32CDEB} - F:\PROGRA~1\ACTIVE~1\ErrorTwo.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\Msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Eggsextra - {27221636-4709-95D1-8E86-E61DDF16E93B} - F:\PROGRA~1\ACTIVE~1\ErrorTwo.dll
O4 - HKLM\..\Run: [Alogserv] F:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [Smapp] F:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] F:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pop3Easy] F:\Program Files\AderA Software\POP3 Easy\pop3easy.exe
O4 - HKLM\..\Run: [P2P Networking] F:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [RealTray] F:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Skip64] F:\PROGRA~1\STOPDE~1\4 defy comp.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AutoSizer] "F:\Program Files\AutoSizer\AutoSizer.exe" /h
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "F:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MailCheck] F:\Program Files\PPSOFT.DK\PP_MailCheck\mailck.exe
O4 - Startup: ANT 4 MailChecking.lnk = F:\Program Files\ANT 4 MailChecking\ant4mc.exe
O4 - Startup: LetterBox.lnk = F:\Documents and Settings\van der Deijl\Bureaublad\LetterBox.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37890.2050925926
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF78F393-5D14-4474-9A45-8045FF2243E1}: NameServer = 195.121.1.34 195.121.1.66
- Status
