Helpmij tegen spyware offensief (deel 5)

Status
Niet open voor verdere reacties.
Re: laatste tjek

Geplaatst door geefjemening.tk

O4 - HKLM\..\Run: [CLSID] D:\WINDOWS\System32\msgplus.exe
O4 - HKLM\..\Run: [eggs cash] D:\PROGRA~1\IDOLMU~1\frag clock.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Klik om te vergroten...

Hoi geefjemening.tk,

Niet gelukt in veilige modus?
Vink de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Start daarna opnieuw op in veilige modus en verwijder:
D:\WINDOWS\System32\msgplus.exe

Groetjes,

Pieter
 
Geplaatst door Jeroen Kampioen
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Onlinedirect/Portal/portal.html

O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe

O4 - HKLM\..\Run: [KAZAA] "C:\PROGRAM FILES\KAZAA LITE K++\KPP.EXE" "C:\PROGRAM FILES\KAZAA LITE K++\KAZAA.KPP" /SYSTRAY

O4 - HKLM\..\Run: [CLSID] C:\WINDOWS\SYSTEM\MSGPLUS.EXE

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msgked.exe

Help me uit de brand! Bijgaand een nieuwe recente log.
Klik om te vergroten...

Eerst Windows updaten. Anders is het echt hopeloos met je.

Groetjes,

Pieter
 
Geplaatst door Mercutio

Alleen in veilige modus is ie er niet.
Klik om te vergroten...

Aha. In HijackThis svp op Config > Misc Tools klikken
Dan zie je onder Generate Startuplist twee vakjes. Vink die aan en klik dan op Generate StartupList. Je krijgt dan vanzelf een text bestand. Plaats de inhoud ervan.

Even terzijde, je Windows en IE zijn niet up to date volgens je log heb je niet eens SP 1 geinstalleerd.

Groetjes,

Pieter
 
Re: ongerwenste searchweb balk

Geplaatst door lisa02


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchweb2.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html

O2 - BHO: (no name) - {25C0AC31-6387-19BC-38E9-977A7B32CDEB} - F:\PROGRA~1\ACTIVE~1\ErrorTwo.dll

O3 - Toolbar: Eggsextra - {27221636-4709-95D1-8E86-E61DDF16E93B} - F:\PROGRA~1\ACTIVE~1\ErrorTwo.dll

O4 - HKLM\..\Run: [P2P Networking] F:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [Skip64] F:\PROGRA~1\STOPDE~1\4 defy comp.exe
Klik om te vergroten...

Hoi lisa02,

Het heeft meer zin als je de oorzaak ook wegneemt.

Vink de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Start daarna opnieuw op in veilige modus en verwijder:
F:\PROGRAM FILES\ACTIVE~1 <= de hele map met het bestand ErrorTwo.dll erin
F:\PROGRAM FILES\STOPDE~1 <= de hele map met het bestand 4 defy comp.exe erin

Groetjes,

Pieter
 
bridge.dll foutje

Hoihoi,

Ik heb nog een computer van mijn kids,
en als ik die start krijg ik een rundll fout dat ie bridge.dll niet kan vinden.
Volgens mij heb ik dat bridge.dll ding ook helemaal niet nodig.

Ik heb AdAware én spybot gedraaid
en dit is mijn Hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 20:10:11, on 1-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coolgames.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Microsoft Tray] C:\Mijn Gedeelde Map\sims no cd(All Versions).exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab



ik zou het ook niet erg vinden als onnodige startups worden verwijderd.

Groetjes,
KIDS computer Chris
 
logbestand

Logfile of HijackThis v1.97.7
Scan saved at 19:53:48, on 1-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\NORMAN\nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\nvc\BIN\nvcoas.exe
C:\NORMAN\nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\Explorer.EXE
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\WINDOWS\Mixer.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\anvshell.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\downloadamokfast\Media File Link.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
C:\Program Files\DV Series\Console\Watch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\FSG\DialerDetect\dd.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hetnet.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.hetnet.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {012192BD-B397-433E-B7A6-0DBC425BF379} - C:\WINDOWS\gpedciiE9.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Hans\DOWNLO~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HTML Web Mail Editor - {E07201D0-8DA2-4bb4-87B1-C1BAACEBF8BD} - C:\WINDOWS\Downloaded Program Files\xpy.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: softoption - {F2838B30-2550-960C-E71B-3C0FA3B1585D} - (no file)
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Grid mail] C:\PROGRA~1\downloadamokfast\Media File Link.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\regmech.exe /S
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Dialer Detect.lnk = C:\Program Files\FSG\DialerDetect\dd.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: Onderzoek (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://contentst.siemens.nl/content/diagnosetoetsen/simatic/webplayer/awswax.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1083702502640
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.fotovanmijnhuis.nl/plugins/huis13/nl/nl.exe
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.194.175.234:83/cgi-bin/AxisCamControl.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37862.1406828704
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E07201D0-8DA2-4BB4-87B1-C1BAACEBF8BD} (EditSource Class) - http://smartseek.info/xpy/xpy.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://home.hetnet.nl/bb/XUpload.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D704B0DA-E5AE-4A1B-AA31-953B94C5D707}: NameServer = 195.121.1.34 195.121.1.66
 
Omdat ik niet met F8 in de veilige modus kan komen had ik gelezen dat dit ook met uitvoeren:msconfig zou kunnen. Daar is dan een tab"boot.ini". Maar helaas bij mij niet
Hoe kan ik dit oplossen
 
log na scan met adaware6

veel last van iedere keer zelfde popups (reclame voor popup stopper)


Logfile of HijackThis v1.97.7
Scan saved at 21:03:55, on 1/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinMX\WinMX.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\MDM.EXE
C:\WINDOWS\system32\srxTitan.exe
C:\WINDOWS\System32\inetsrv\DavCData.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Freddy\Bureaublad\HT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.be"); (C:\Documents and Settings\Freddy\Application Data\Mozilla\Profiles\default\80zamdgy.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Freddy\Application Data\Mozilla\Profiles\default\80zamdgy.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B90AA1B-F649-44C3-9FD3-736C332CBBCF} - C:\WINDOWS\System32\IEENHA~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinTools] C:\Pqogram Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\Adstartup.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Dexia Netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37835.3834953704
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{724473B5-3EFE-4ABE-B4C4-6DD22534E627}: NameServer = 195.238.2.22 195.238.2.21
 
Laatst bewerkt:
Hijack log:

Logfile of HijackThis v1.97.7
Scan saved at 20:43:30, on 1/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
E:\WINDOWS\System32\RunDll32.exe
E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
E:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Kazaa Lite K++\KazaaLite.kpp
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
E:\Program Files\Medionkeyboard\1.3\KbdAp32A.exe
E:\Program Files\Messenger Plus! 2\MsgPlus.exe
E:\WINDOWS\System32\rundll32.exe
E:\PROGRA~1\HTMMEO~1\bodyeggsvga.exe
E:\WINDOWS\System32\NotifyPhoneBook.exe
E:\WINDOWS\System32\ctfmon.exe
E:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
E:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\PROGRA~1\WinZip\winzip32.exe
C:\Mijn documenten\Bjorn\hijack\HijackThis.exe
E:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.html?http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.200.42.118:80
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = http://www.google.be/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {89A31ACA-F486-EF2C-9159-A6C29324134F} - E:\PROGRA~1\CurbComp\eqcash.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: type amen - {5EF5B0B2-98AB-1205-21C1-2710359B9EE3} - E:\PROGRA~1\CurbComp\eqcash.dll
O4 - HKLM\..\Run: [WinDVRCtrl] E:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LWBMOUSE] E:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Medionkeyboard\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] E:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [CamMonitor] E:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KAZAA] "E:\Program Files\Kazaa Lite K++\kpp.exe" "E:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [ccRegVfy] E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] E:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Advanced Tools Check] E:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ScanRegistry] E:\W
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] E:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MessengerPlus2] "E:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [CloseDNF] E:\WINDOWS\System32\Utility.exe \1008
O4 - HKLM\..\Run: [ICQ Net] E:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [Coal Bib] E:\PROGRA~1\HTMMEO~1\bodyeggsvga.exe
O4 - HKCU\..\Run: [MessengerPlus2] "E:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "E:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: ADSL USB Modem Connection.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with &XML Spy - E:\Program Files\Altova\XMLSPY\spy.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Edit with XML Spy (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy (HKCU)
O15 - Trusted Zone: messenger.hotmail.com
O15 - Trusted Zone: loginnet.passport.com
O15 - Trusted Zone: login.passport.net
O15 - Trusted Zone: memberservicesnet.passport.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {214868A8-F71B-473E-8ECF-6EE1DE6B91D8} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37609.1931597222
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28177.cab
 
Geplaatst door lisa02
Omdat ik niet met F8 in de veilige modus kan komen had ik gelezen dat dit ook met uitvoeren:msconfig zou kunnen. Daar is dan een tab"boot.ini". Maar helaas bij mij niet
Hoe kan ik dit oplossen
Klik om te vergroten...


Misschien zou je even je fabrikant van je PC moeten bellen, die kunnen het je haarfijn uitleggen. Ik zit hier namelijk met een Packardbell PCtje en daar is aardig wat mee gerommeld qua F-toetsen etc
 
fantastic

Geplaatst door Pieter Arntz


Hoi Gebruiker12,

In IE klik je op Extra > Internet-opties > tabblad Algemeen > Bestanden verwijderen > in het bevestigingsvenster zet je een vinkje bij Ook alle Off-line items verwijderen.

Groetjes,

Pieter
Klik om te vergroten...


Hallo Pieter,
YES!!!!!!!!!
De virus is eruit....de spyware is weg....jullie zijn echt geweldig....ik ben er wel daaaaaaaaaagen mee bezig geweest hoor....en maar zoeken en aanwijzingen opvolgen...maarrrr...wat leer ik veeel!!!

Nog 1 vraagje...er komt ook veel email spam binnen en i k heb nu MAILWASHER geïnstalleerd...is die goed??

Groetjes Gebruiker12.
 
Re: fantastic

Geplaatst door Gebruiker12



Hallo Pieter,
YES!!!!!!!!!
De virus is eruit....de spyware is weg....jullie zijn echt geweldig....ik ben er wel daaaaaaaaaagen mee bezig geweest hoor....en maar zoeken en aanwijzingen opvolgen...maarrrr...wat leer ik veeel!!!

Nog 1 vraagje...er komt ook veel email spam binnen en i k heb nu MAILWASHER geïnstalleerd...is die goed??

Groetjes Gebruiker12.
Klik om te vergroten...

MailWasher is inderdaad een goed programma :thumb:
 
issie nu wel helemaal schoon? (in de veilige modus is trouwens wel gelukt, eerste keer msg plus in system32 verwijderd, 2e keer dat je vroeg of t was gelukt wassie al weg) zie je nog wat? zeg t dan maar weer. wel toppie trouwes dat jullie dit allemaal gratis willen doen!!!:D:thumb:
groetjes, Bart

Logfile of HijackThis v1.97.7
Scan saved at 21:37:17, on 1-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
F:\Program Files\Messenger Plus! 2\MsgPlus.exe
D:\WINDOWS\System32\ctfmon.exe
F:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MessengerPlus2] "F:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1076542618982
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
Hoi Olav/Pieter/wie dan ook! :)

Ik heb al gescanned met Ad Aware 6... hij vond er 36 en heb er meteen korte metten meegemaakt...

Hijackthis vond daarna nog:

Logfile of HijackThis v1.97.7
Scan saved at 21:30:48, on 1-6-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\P2P Networking\P2P Networking.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\WINNT\system32\internat.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Margot Fonkert\Desktop\Schoonmaakprogrammas\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [hpfsched] C:\WINNT\hpfsched.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [msmc] C:\WINNT\system32\msgked.exe
O4 - HKLM\..\RunOnce: [MigrateMMDrivers] rundll32.exe mmsys.cpl,mmseRunOnce
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: Messenger Addon (HKLM)
O9 - Extra 'Tools' menuitem: &Messenger Addon (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_cracks.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37926.18625
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
 
Re: bridge.dll foutje

Geplaatst door Chris10e

R3 - Default URLSearchHook is missing
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [Microsoft Tray] C:\Mijn Gedeelde Map\sims no cd(All Versions).exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
Klik om te vergroten...

Hoi Chris10e,

Incredimail en Office zijn echte twijfelgevallen. Als je ze niet altijd nodig hebt kun je ze mee aanvinken.

Vink de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Start daarna opnieuw op in veilige modus en verwijder:
C:\Program Files\MyWebSearch <= de hele map

Groetjes,

Pieter
 
Laatst bewerkt:
Re: logbestand

Geplaatst door hansh39

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {012192BD-B397-433E-B7A6-0DBC425BF379} - C:\WINDOWS\gpedciiE9.dll

O2 - BHO: HTML Web Mail Editor - {E07201D0-8DA2-4bb4-87B1-C1BAACEBF8BD} - C:\WINDOWS\Downloaded Program Files\xpy.dll

O3 - Toolbar: softoption - {F2838B30-2550-960C-E71B-3C0FA3B1585D} - (no file)

O4 - HKLM\..\Run: [Grid mail] C:\PROGRA~1\downloadamokfast\Media File Link.exe

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab

O16 - DPF: {E07201D0-8DA2-4BB4-87B1-C1BAACEBF8BD} (EditSource Class) - http://smartseek.info/xpy/xpy.cab
Klik om te vergroten...

Hoi hansh39,

Zou je mij dit bestand willen mailen voor je begint:
C:\WINDOWS\Downloaded Program Files\xpy.dll
=>Klik hier<=

Vink de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Start daarna opnieuw op in veilige modus en verwijder:
C:\PROGRAM FILES\downloadamokfast <= de hele map

Groetjes,

Pieter
 
Geplaatst door dvrslype

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {0B90AA1B-F649-44C3-9FD3-736C332CBBCF} - C:\WINDOWS\System32\IEENHA~1.DLL

O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)

O4 - HKLM\..\Run: [WinTools] C:\Pqogram Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\Adstartup.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
Klik om te vergroten...

Hoi dvrslype,

Vink de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Start daarna opnieuw op in veilige modus en verwijder:
C:\Program Files\Internet Optimizer <= de hele map
C:\Pqogram Files\Common files\WinTools <= de hele map

Wil je me dit bestand eens mailen:
C:\WINDOWS\System32\Adstartup.exe
=>Klik hier<=

Groetjes,

Pieter
 
Geplaatst door blardo


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.html?[url]http://www.google.be/[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {89A31ACA-F486-EF2C-9159-A6C29324134F} - E:\PROGRA~1\CurbComp\eqcash.dll

O3 - Toolbar: type amen - {5EF5B0B2-98AB-1205-21C1-2710359B9EE3} - E:\PROGRA~1\CurbComp\eqcash.dll

O4 - HKLM\..\Run: [KAZAA] "E:\Program Files\Kazaa Lite K++\kpp.exe" "E:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY

O4 - HKLM\..\Run: [ICQ Net] E:\WINDOWS\winlogon.exe -stealth

O4 - HKLM\..\Run: [Coal Bib] E:\PROGRA~1\HTMMEO~1\bodyeggsvga.exe
Klik om te vergroten...

Hoi blardo,

Als je Hotmail hebt en je account is nog niet gekraakt verander dan zsm je wachtwoord.

Vink de bovenstaande aan, sluit alle vensters behalve HijackThis en klik op Fix checked.

Start daarna opnieuw op in veilige modus en verwijder:
E:\Program Files\CurbComp
E:\Program Files\HTMMEO~1 <= de hele map met het bestand bodyeggsvga.exe erin.
E:\WINDOWS\winlogon.exe <= LET OP: Dit is de echte E:\WINDOWS\system32\winlogon.exe dus laat die met rust

Groetjes,

Pieter
 
Status
Niet open voor verdere reacties.
                    Steun ons                    

Nieuwste berichten

Terug
Bovenaan Onderaan