Helpmij anti-spyware offensive (part 5)

Status
Not open for further replies.
Removing spyware

Hello,

I would like advice on what can be removed, and on any unnecessary startup items.

My specific problem is that the IE connection occasionally goes down for a while. After a while the connection is back.

I scanned with AdAware and I am running XP Home.

Logfile of HijackThis v1.97.7
Scan saved at 16:19:11, on 3-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\Snelkiezer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startkabel.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startkabel.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Snelkiezer] C:\WINDOWS\Snelkiezer_.exe /quiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (chelloInstall.Install) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (LaunchApp.clsDefault) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB

Thanks in advance.
Regards,

ROBIN
 
Re: Removing spyware

Posted by Robin Hood
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE ***

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime ***

Hi Robin,

The entries marked *** are unnecessary.

What is this:
O4 - HKLM\..\Run: [Snelkiezer] C:\WINDOWS\Snelkiezer_.exe /quiet ?

Regards,

Pieter
 
Posted by Pieter Arntz


If you only have time tonight anyway, then use http://www.spywareinfo.com/~merijn/files/CWShredder.exe

Do make sure you have version 1.58.0; that one removes this version.
Then you don't have to hunt for that file yourself, nor report whether it was there. The registry is then repaired as well.

By the way, it is not a Windows file.

Regards,

Pieter

OK. Thanks in advance. Regards, pdka
 
Response to advice

Hi Pieter, that was quick.

I didn't know what snelkiezer is either, so I just opened it. It turns out to be a program for quickly getting a connection to a site or something.

Looks like junk to me.

Just remove it?

Regards,

Robin

:)
 
Re: Response to advice

Posted by Robin Hood
Hi Pieter, that was quick.

I didn't know what snelkiezer is either, so I just opened it. It turns out to be a program for quickly getting a connection to a site or something.

Looks like junk to me.

Just remove it?

Send it to me. Perhaps the people at AdAware and the like would be interested in it.

email address

Regards,

Pieter
 
Re: Re: log file hijack diekkie

Posted by Pieter Arntz


Hi diekkie,

Did you create these yourself?

O4 - Startup: desktop(2).ini
O4 - Global Startup: desktop(2).ini

In any case, tick the quoted part, close all windows except HijackThis and click Fix checked.

Then reboot.

If you are unsure about desktop.ini, you can also look up the file and open it in Notepad.

Then post what it contains.

Regards,

Pieter

No, I did not create these; I'm going to take a quick look now at what is in it.

Desktop(2).ini contains:

[.ShellClassInfo]
IconFile=_vti_pvt/fpdbw.ico
IconIndex=0
ConfirmFileOp=0
InfoTip=Stores your local web site
 
Please check whether everything is still fine:

Ran Ad Aware; it found 1 registry value and 4 files
Spybot found the well-known DSO Exploit :D

Logfile of HijackThis v1.97.7
Scan saved at 6:40:47 PM, on 6/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\Hijackthis 1.977\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.helpmij.nl/forum/index.php?s=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.lavasoftsupport.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Packard Bell (HKLM)
O9 - Extra button: Onderzoek (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38133.2608101852
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EDBA85E-AFAC-4837-BE08-9BACEF699FF4}: NameServer = 212.45.33.3 212.45.32.3

Can these be removed? I thought, there are no links after them so... please also briefly explain if they can NOT be removed :)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =


Thanks in advance,

Hans
 
Hello,

Would you please take a look at this?

What is/does lsrv.exe?

Logfile of HijackThis v1.97.7
Scan saved at 15:51:35, on 3-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\Hcontrol.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\ATKOSD.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\PROGRA~1\NORTON~2\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\dpps2.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\lsrv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\CH_Utility.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Documents and Settings\Joop Foppe\Mijn documenten\Programma's\Hijack this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.asus.com.tw/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\Hcontrol.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~2\dpps2.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [Microsoft Services] lsrv.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Chrontel TV.lnk = C:\WINDOWS\system32\CH_Utility.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Onderzoek (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://virusscan.zdnet.nl/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37936.307974537
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thanks,
Joop
 
I'm posting my log here yet again because my computer has become really slow and programs no longer close.

Logfile of HijackThis v1.97.7
Scan saved at 18:52:24, on 3-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\lrdsvr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\intdrv.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
D:\Program Files 2\Browsers\Mozilla\mozilla.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
C:\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [sysfrcx] C:\WINDOWS\System32\sysfrcx.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [svcSystem] C:\WINDOWS\System32\lrdsvr.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Natural Reader (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Flash (HKCU)
O15 - Trusted Zone: www.download.com
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/pcpitstop.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1080385660858
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38073.0439814815
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6B72B91-7AC8-42A3-9545-A38C12700F6B} (JamagicCtl Class) - http://www.clickteam.com/~webftp/files/Jamagic/jamagic.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by16fd.bay16.hotmail.msn.com/activex/HMAtchmt.ocx
 
Posted by Pieter Arntz


If you only have time tonight anyway, then use http://www.spywareinfo.com/~merijn/files/CWShredder.exe

Do make sure you have version 1.58.0; that one removes this version.
Then you don't have to hunt for that file yourself, nor report whether it was there. The registry is then repaired as well.

By the way, it is not a Windows file.

Regards,

Pieter

Hello Pieter,

Problem solved! In the way you indicated earlier (so manually). Many thanks!

Regards, pdka
 
I use Windows98

--> unnecessary startup items may also be removed.

**Thanks in advance!**


Logfile of HijackThis v1.97.7
Scan saved at 20:01:09, on 3/06/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\ADVANCED MESSENGER PLUS\ADVMSG.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\PROFILES\PATRICK AERTS\MIJN DOCUMENTEN\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://mommykiss.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mommykiss.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mommykiss.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vada.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:24491;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [TimeUp] C:\PROGRAM FILES\TIMEUP\TimeUp.exe /T
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LCMBOOT] \caplboot.exe
O4 - HKLM\..\Run: [RegKillTray] C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
O4 - HKLM\..\Run: [ElbyCheckRegKill] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Advanced Messenger Plus.lnk = C:\Program Files\Advanced Messenger Plus\AdvMsg.exe
O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - User Startup: Advanced Messenger Plus.lnk = C:\Program Files\Advanced Messenger Plus\AdvMsg.exe
O4 - User Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
O4 - User Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Real.com (HKLM)
O11 - Options group: [TOEGANKELIJKHEID] Toegankelijkheid
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/nl/win/QuickTimeInstaller.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.refurbdepot.com/CFIDE/classes/CFJava.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\mechanicaldesktop\AcPreview.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\mechanicaldesktop\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\mechanicaldesktop\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\mechanicaldesktop\InstFred.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38050.0439351852
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/31750e24e46c5c0fa806/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/148119a2571ca3/housecall.antivirus.com/housecall/xscan53.cab
 
Re: Re: Re: log file hijack diekkie

Posted by diekkie


No, I did not create these; I'm going to take a quick look now at what is in it.

Desktop(2).ini contains:

[.ShellClassInfo]
IconFile=_vti_pvt/fpdbw.ico
IconIndex=0
ConfirmFileOp=0
InfoTip=Stores your local web site

Fortunately nothing malicious. It comes from FrontPage.

Regards,

Pieter
 
Posted by H@NsiePanzzzer
Can these be removed? I thought, there are no links after them so... please also briefly explain if they can NOT be removed :)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =


Thanks in advance,

Hans

As far as I'm concerned you can have them fixed, but whether you'll ever notice the difference. ;)

This one is also listed without a link.
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) -
Check whether it is still stored locally.

Regards,

Pieter
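
The entries "without a link" discussed in the exchange above (empty R0 values, and an O16 DPF entry with no download URL) can be listed mechanically. The following is an added example, not part of the original thread: a small Python parser for HijackThis R, O4 and O16 lines that also re-joins an R entry the forum wrapped across lines. The sample log is constructed from lines quoted in this thread; the function and field names are the example's own.

```python
import re

# Constructed sample: lines taken from the logs quoted in this thread,
# including the R0 entry that the forum wrapped across two lines.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.helpmij.nl/forum/index.php?s=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - Global Startup: hp psc 1000 series.lnk = ?
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) -
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O16 - <body>"
DPF_RE = re.compile(r"^DPF: (\S+)(?: \((.*?)\))? -\s*(.*)$")  # id, optional name, URL
RUN_RE = re.compile(r"^(\S+): \[(.*?)\]\s*(.*)$")             # Run key, value name, command
STARTUP_RE = re.compile(r"^((?:Global |User )?Startup): (.*?)(?: = (.*))?$")


def _fill_fields(rec):
    """Split the raw body of an R, O4 or O16 entry into named fields."""
    code, raw = rec["code"], rec["raw"]
    if code[0] == "R":
        # "<registry key>,<value name> = <data>"; data itself may contain '='.
        left, _, data = raw.partition("=")
        key, _, value = left.rpartition(",")
        rec.update(key=key.strip(), value=value.strip(), data=data.strip())
    elif code == "O4":
        m = RUN_RE.match(raw) or STARTUP_RE.match(raw)
        if m:
            rec.update(location=m.group(1), name=m.group(2),
                       data=(m.group(3) or "").strip())
    elif code == "O16":
        m = DPF_RE.match(raw)
        if m:
            rec.update(clsid=m.group(1), name=m.group(2) or "",
                       data=m.group(3).strip())


def parse_log(text):
    """Return one dict per log entry; header and process lines are skipped."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            records.append({"code": m.group(1), "raw": m.group(2)})
        elif records and records[-1]["code"][0] == "R" and "=" not in records[-1]["raw"]:
            # An R entry is only complete once it has its '='; a following
            # non-entry line is the wrapped remainder of the same entry.
            records[-1]["raw"] += " " + line
    for rec in records:
        _fill_fields(rec)
    return records


def entries_without_data(records):
    """R and O16 entries whose right-hand side (data or URL) is empty."""
    return [r for r in records
            if r.get("data") == "" and (r["code"][0] == "R" or r["code"] == "O16")]


def startup_items(records):
    """Map each O4 location (Run key or Startup folder) to its item names."""
    out = {}
    for r in records:
        if r["code"] == "O4" and "location" in r:
            out.setdefault(r["location"], []).append(r["name"])
    return out


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for r in entries_without_data(recs):
        print("empty:", r["code"], r["raw"])
    for location, names in startup_items(recs).items():
        print("startup:", location, names)
```

An empty right-hand side only marks an entry for a closer look, as in the replies above; it says nothing by itself about whether the entry is harmful.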
 
hijack this log

Hello,

Could you take a look at my Ad-aware and HijackThis logs? My computer is very slow, freezes a lot, and goes onto the internet by itself and then shows all kinds of spyware.
Please point out everything you think is unnecessary.
Thanks in advance.

Lineke


Lavasoft Ad-aware Personal Build 6.181
Logfile created on :donderdag 3 juni 2004 20:41:14
Created with Ad-aware Personal, free for private use.
Using reference-file :01R314 02.06.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


3-6-04 20:41:14 - Scan started. (Custom mode)


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

SecondThought Object recognized!
Type : File
Data : idleui.dll
Object : C:\WINDOWS\SYSTEM\
FileSize : 40 KB
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
Copyright : Copyright (C) 2003
CompanyName : Copyright (C) 2003
FileDescription : IdleUI Dynamic Link Library
InternalName : IdleUI
OriginalFilename : IdleUI.dll
ProductName : IdleUI Dynamic Link Library
Created on : 1-6-04 18:52:28
Last accessed : 2-6-04 22:00:00
Last modified : 1-6-04 18:52:30



WinFavorites Object recognized!
Type : File
Data : bridge.dll
Object : C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
FileSize : 68 KB
FileVersion : 1, 0, 0, 117
ProductVersion : 1, 0, 0, 117
Copyright : Copyright 2003
FileDescription : bridge Module
InternalName : bridge
OriginalFilename : bridge.DLL
ProductName : bridge Module
Created on : 19-3-04 9:47:32
Last accessed : 2-6-04 22:00:00
Last modified : 19-3-04 9:47:32



SecondThought Object recognized!
Type : File
Data : install026.exe
Object : C:\WINDOWS\Downloaded Program Files\
FileSize : 23 KB
Created on : 1-6-04 18:52:19
Last accessed : 2-6-04 22:00:00
Last modified : 1-6-04 18:52:20



VX2.BetterInternet Object recognized!
Type : File
Data : bdl14108[1].exe
Object : C:\WINDOWS\Temporary Internet Files\Content.IE5\4TUZ412P\
FileSize : 64 KB
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
Copyright : BetterInternet, Inc.
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
OriginalFilename : InstUtil.exe
ProductName : Install Utility
Created on : 1-6-04 19:36:41
Last accessed : 2-6-04 22:00:00
Last modified : 1-6-04 19:36:42



SecondThought Object recognized!
Type : File
Data : stc[1].exe
Object : C:\WINDOWS\Temporary Internet Files\Content.IE5\B28JBLC9\
FileSize : 87 KB
FileVersion : 8.0.7.1
ProductVersion : 8.0.7.1
Copyright : Copyright (C) 2003
CompanyName : Copyright (C) 2003
FileDescription : Second Thought
InternalName : STC
OriginalFilename : STC.exe
ProductName : STC Application
Created on : 1-6-04 18:52:26
Last accessed : 2-6-04 22:00:00
Last modified : 1-6-04 18:52:28



SecondThought Object recognized!
Type : File
Data : idleui[1].dll
Object : C:\WINDOWS\Temporary Internet Files\Content.IE5\OPQFOPYV\
FileSize : 40 KB
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
Copyright : Copyright (C) 2003
CompanyName : Copyright (C) 2003
FileDescription : IdleUI Dynamic Link Library
InternalName : IdleUI
OriginalFilename : IdleUI.dll
ProductName : IdleUI Dynamic Link Library
Created on : 1-6-04 18:52:28
Last accessed : 2-6-04 22:00:00
Last modified : 1-6-04 18:52:30



AdRotator Object recognized!
Type : File
Data : slmss[1].exe
Object : C:\WINDOWS\Temporary Internet Files\Content.IE5\R3HZNDGW\
FileSize : 55 KB
FileVersion : 1, 0, 0, 31
ProductVersion : 1, 0, 0, 31
Created on : 1-6-04 18:52:30
Last accessed : 2-6-04 22:00:00
Last modified : 1-6-04 18:52:32



ClearSearch Object recognized!
Type : File
Data : clrschp070[1].exe
Object : C:\WINDOWS\Temporary Internet Files\Content.IE5\CJ3ZEODX\
FileSize : 76 KB
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
Copyright : Copyright
CompanyName : Clear Search
FileDescription : Loader
InternalName : Loader
OriginalFilename : Loader.exe
ProductName : Loader
Created on : 1-6-04 18:52:31
Last accessed : 2-6-04 22:00:00
Last modified : 1-6-04 18:52:32



AdRotator Object recognized!
Type : File
Data : ieasst.dll
Object : C:\WINDOWS\
FileSize : 72 KB
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
Created on : 2-6-04 14:19:50
Last accessed : 2-6-04 22:00:00
Last modified : 16-10-03 17:15:58



AdRotator Object recognized!
Type : File
Data : mwsvm.bin
Object : C:\WINDOWS\
FileSize : 156 KB
Created on : 2-6-04 14:20:04
Last accessed : 2-6-04 22:00:00
Last modified : 15-9-03 15:51:34



AdRotator Object recognized!
Type : File
Data : urls.bin
Object : C:\WINDOWS\
FileSize : 103 KB
Created on : 2-6-04 14:20:04
Last accessed : 2-6-04 22:00:00
Last modified : 8-10-03 10:07:06



AdRotator Object recognized!
Type : File
Data : vurls.bin
Object : C:\WINDOWS\
FileSize : 1371 KB
Created on : 2-6-04 14:20:04
Last accessed : 2-6-04 22:00:00
Last modified : 15-10-03 14:40:44



AdRotator Object recognized!
Type : File
Data : mwsvm.exe
Object : C:\WINDOWS\
FileSize : 164 KB
FileVersion : 3, 0, 2, 231
ProductVersion : 3, 0, 2, 231
Created on : 2-6-04 14:20:05
Last accessed : 2-6-04 22:00:00
Last modified : 23-1-04 17:23:44



AdRotator Object recognized!
Type : File
Data : slmss.exe
Object : C:\Program Files\Common Files\Slmss\
FileSize : 55 KB
FileVersion : 1, 0, 0, 31
ProductVersion : 1, 0, 0, 31
Created on : 1-6-04 18:52:37
Last accessed : 2-6-04 22:00:00
Last modified : 1-6-04 18:52:32



SecondThought Object recognized!
Type : File
Data : stc.exe
Object : C:\Program Files\STC\
FileSize : 87 KB
FileVersion : 8.0.7.1
ProductVersion : 8.0.7.1
Copyright : Copyright (C) 2003
CompanyName : Copyright (C) 2003
FileDescription : Second Thought
InternalName : STC
OriginalFilename : STC.exe
ProductName : STC Application
Created on : 1-6-04 18:52:25
Last accessed : 2-6-04 22:00:00
Last modified : 1-6-04 18:52:26



VX2.BetterInternet Object recognized!
Type : File
Data : bdl14108.exe
Object : C:\Program Files\STC\
FileSize : 64 KB
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
Copyright : BetterInternet, Inc.
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
OriginalFilename : InstUtil.exe
ProductName : Install Utility
Created on : 1-6-04 19:36:40
Last accessed : 2-6-04 22:00:00
Last modified : 1-6-04 19:36:42



AdRotator Object recognized!
Type : File
Data : slmss.exe
Object : C:\Program Files\STC\
FileSize : 55 KB
FileVersion : 1, 0, 0, 31
ProductVersion : 1, 0, 0, 31
Created on : 1-6-04 18:52:30
Last accessed : 2-6-04 22:00:00
Last modified : 1-6-04 18:52:32



ClearSearch Object recognized!
Type : File
Data : clrschp070.exe
Object : C:\Program Files\STC\
FileSize : 76 KB
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
Copyright : Copyright
CompanyName : Clear Search
FileDescription : Loader
InternalName : Loader
OriginalFilename : Loader.exe
ProductName : Loader
Created on : 1-6-04 18:52:31
Last accessed : 2-6-04 22:00:00
Last modified : 1-6-04 18:52:32



PeopleOnPage Object recognized!
Type : File
Data : ace.dll
Object : C:\Program Files\SysAI\
FileSize : 568 KB
FileVersion : 5.1.18
ProductVersion : 5.1.18
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL
ProductName : ACE
Created on : 23-3-04 17:21:14
Last accessed : 2-6-04 22:00:00
Last modified : 23-3-04 17:21:16



BargainBuddy Object recognized!
Type : File
Data : bargains.exe
Object : C:\Program Files\Bargain Buddy\bin\
FileSize : 328 KB
Created on : 24-5-04 18:39:19
Last accessed : 2-6-04 22:00:00
Last modified : 17-6-03 6:43:04



BargainBuddy Object recognized!
Type : File
Data : apuc.dll
Object : C:\Program Files\Bargain Buddy\bin\
FileSize : 68 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2001
FileDescription : apuc Module
InternalName : apuc
OriginalFilename : apuc.DLL
ProductName : apuc Module
Created on : 24-5-04 18:39:20
Last accessed : 2-6-04 22:00:00
Last modified : 13-8-02 6:27:44



BargainBuddy Object recognized!
Type : File
Data : bargains.exe
Object : C:\Program Files\Bargain Buddy\bin2\
FileSize : 276 KB
FileVersion : 1, 8, 19, 0
ProductVersion : 1, 8, 19, 0
Copyright : Copyright
FileDescription : bargains
InternalName : bargains
OriginalFilename : bargains.exe
ProductName : bargains buddy
Created on : 24-5-04 19:01:00
Last accessed : 2-6-04 22:00:00
Last modified : 8-4-04 19:53:00



BargainBuddy Object recognized!
Type : File
Data : apuc.dll
Object : C:\Program Files\Bargain Buddy\bin2\
FileSize : 160 KB
FileVersion : 1, 8, 19, 0
ProductVersion : 1, 8, 19, 0
Copyright : Copyright
FileDescription : apuc Module
InternalName : apuc
OriginalFilename : apuc.DLL
ProductName : apuc Module
Created on : 24-5-04 19:01:01
Last accessed : 2-6-04 22:00:00
Last modified : 8-4-04 19:57:10



BargainBuddy Object recognized!
Type : File
Data : cb.exe
Object : C:\Program Files\Bargain Buddy\bin2\
FileSize : 48 KB
FileVersion : 1.00.0003
ProductVersion : 1.00.0003
Copyright : Copyright
CompanyName : Exact Advertising
FileDescription : Exact Advertising
InternalName : cb
OriginalFilename : cb.exe
ProductName : CashBack Program
Created on : 24-5-04 19:01:02
Last accessed : 2-6-04 22:00:00
Last modified : 8-4-04 20:04:52



ClearSearch Object recognized!
Type : File
Data : loader.exe
Object : C:\Program Files\ClearSearch\
FileSize : 76 KB
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
Copyright : Copyright
CompanyName : Clear Search
FileDescription : Loader
InternalName : Loader
OriginalFilename : Loader.exe
ProductName : Loader
Created on : 1-6-04 18:52:37
Last accessed : 2-6-04 22:00:00
Last modified : 1-6-04 18:52:32



VirtualBouncer Object recognized!
Type : Folder
Object : C:\Program Files\VBouncer



Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 81


Deep scanning and examining files (D:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for D:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 81

20:55:26 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:14:11:780
Objects scanned :143452
Objects identified :81
Objects ignored :0
New objects :81


Hijack this log:
Logfile of HijackThis v1.97.3
Scan saved at 20:39:56, on 3-6-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTSTARTSERVICE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PDESK\PDESK.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MAIL FLAP FUNK\METABOLTIDOL.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\BARGAINS.EXE
C:\PROGRAM FILES\CLEARSEARCH\LOADER.EXE
C:\PROGRAM FILES\COMMON FILES\SLMSS\SLMSS.EXE
C:\WINDOWS\MWSVM.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
D:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mysearchnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {5C93DEE7-2E38-8F1C-7438-0507B3C5B914} - C:\PROGRAM FILES\PLAYHOLD\FRAGGPL.DLL (file missing)
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\BRIDGE.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\APUC.DLL
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [keep dash] C:\PROGRA~1\mail flap funk\metaboltidol.exe
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [kvwt] C:\WINDOWS\kvwt.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [GhostStartService] C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTSTARTSERVICE.EXE
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKCU\..\RunServices: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\RunServices: [TV Media] C:\TV MEDIA\TVM.EXE
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38063.0785763889
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/update.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/CDTInc/bridge.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/terraexplorer/install/TEInstallPlugIn.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe
 
Posted by JoopF

O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe

O4 - HKCU\..\Run: [Microsoft Services] lsrv.exe


Hi JoopF,

I think you spotted the culprit correctly yourself.

So check the entries above, close all windows except HijackThis, and click Fix checked.

Then reboot and go to http://www.kaspersky.com/scanforvirus.html
Have the file checked there and let us know the result.

Regards,

Pieter
 
Posted by Systemizer X100

O4 - HKLM\..\Run: [sysfrcx] C:\WINDOWS\System32\sysfrcx.exe

O4 - HKCU\..\Run: [svcSystem] C:\WINDOWS\System32\lrdsvr.exe

Hi Systemizer X100,

So check the entries above, close all windows except HijackThis, and click Fix checked.

Then reboot and go to http://www.kaspersky.com/scanforvirus.html
Have these files checked there
C:\WINDOWS\System32\sysfrcx.exe
C:\WINDOWS\System32\lrdsvr.exe
and let us know the result.

Regards,

Pieter
 
Re: hijack this log

Posted by lineke57
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mysearchnow.com

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll

O2 - BHO: (no name) - {5C93DEE7-2E38-8F1C-7438-0507B3C5B914} - C:\PROGRAM FILES\PLAYHOLD\FRAGGPL.DLL (file missing)
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\BRIDGE.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\APUC.DLL
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL

O4 - HKLM\..\Run: [keep dash] C:\PROGRA~1\mail flap funk\metaboltidol.exe
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [kvwt] C:\WINDOWS\kvwt.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"

O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe

O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - HKCU\..\RunServices: [TV Media] C:\TV MEDIA\TVM.EXE

O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/update.CAB

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/CDTInc/bridge.cab

O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe

Hi Lineke57,

So check the entries above, close all windows except HijackThis, and click Fix checked.

Then reboot and run Adaware once more. Have it remove everything it finds.
Then reboot again, run HijackThis once more, and post a log so we can check it.

Regards,

Pieter
 
Re: Re: Re: problem again

Posted by Pieter Arntz


Correct. Read all about it

Regards,

Pieter





Hi Hansie and Pieter.
Very nice... but... I don't understand technical English... sorry
Can you explain to me how I should remove that DSO Exploit?
And what Security Settings is?

Thanks...
Regards, Gebruiker12
P.S. I'm just a layman.
 