Helpmij anti-spyware offensive (part 5)

Status
Not open for further replies.
Posted by H@NsiePanzzzer


Is this really your complete log? I don't see any R1 or R2 entries that could change that start page into a search page :confused:

Yes, I threw those search things out myself, but they keep coming back anyway. I don't understand it at all. When they are back in there I'll post my log again.

Grtz. Ikbenjamin

Logfile of HijackThis v1.97.7
Scan saved at 13:09:34, on 13-6-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Benjamin Veldhuizen\Local Settings\Temp\Tijdelijke map 7 voor hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66D91434-E330-4152-BD08-F2B7E1A2EBDB}: NameServer = 195.121.1.34 195.121.1.66
 
You shouldn't remove those yourself; imagine removing an entry that must not be removed! From now on, just post your log without throwing things away yourself first!
 
Posted by ikbenjamin
C:\Documents and Settings\Benjamin Veldhuizen\Local Settings\Temp\Tijdelijke map 7 voor hijackthis.zip\HijackThis.exe
Judging by your log you haven't unpacked it; do this first before you post it again.
 
Dear Pieter,

The problem is solved, great, and thanks a lot. :thumb:
Regards, Ceesie 15
 
OK !

OK! Solved. PHEW! I did have to reinstall Norton; it was infected straight away and unusable. So what they say on their site (Symantec), to just update and scan, doesn't help!

Hopefully not too much damage done, with a good two minutes in which mails went out from my PC to ...

Thanks for the quick help !!!

:thumb:
 
"ajuto"

I have been following everything on this forum for a while now. I have already tried all sorts of things. Yesterday I had Spybot run a scan. Today Ad Aware (after updating and restarting, at around 11 o'clock).
Just now also a bitrate online scan.. I now have the following log.. does anyone have time to look at it?
Regards, Raymond

Logfile of HijackThis v1.97.7
Scan saved at 13:52:50, on 13-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\HPConfig.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\jesigxqm.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\drive audio\Global blah.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\com.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\System32\wisptis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Raymond van Tilburg\Mijn documenten\spyware info Hijack this.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: first pile bolt - {57733380-BBB2-01C1-3BCD-C971921161B6} - C:\PROGRA~1\ATOMPO~1\Knobcash.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [jcnscdlfhgq] C:\WINDOWS\System32\jesigxqm.exe
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [type less] C:\PROGRA~1\drive audio\Global blah.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CLSID] C:\WINDOWS\System32\com.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/148119a2571ca3/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37921.5005671296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
 
Little log

Hi, I had some problems with my computer, such as very few system resources free, or when I start the PC it says there is no internet connection (I have cable internet) and then I can choose to work offline or click retry; if I click retry, nothing is wrong. Someone in the chat advised me to do what it says in this topic.

I first ran Adaware and then Spybot S&D. After that I made a log:

Logfile of HijackThis v1.97.7
Scan saved at 14:18:29, on 13-6-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MOUSE DRIVER\MOUSE DRIVER\5.2\MOUSE32A.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0413&s=search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0413&s=search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0413&s=search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&s=search&query=%s&i=enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Systeemwerkbalk] SysTray.Exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\5.2\MOUSE32A.EXE
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38018.5537268519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

I hope you can help me, thanks in advance.
 
Hi, lately I keep getting a for anders earch homepage in my IE.

My hijack log:

Logfile of HijackThis v1.97.7
Scan saved at 15:18:19, on 13-6-2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\UPDMGR\UPDMGR.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\APPLICATION DATA\MSBZ\MSBZ.DLL
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\APPLICATION DATA\MSBZ\AT***32.DLL
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\APPLICATION DATA\MSBZ\NTNG32.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1629.0\NL\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\D3OL.DLL,Install
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\D3OL.DLL,Install
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Kangaroo (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by16fd.bay16.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
 
Here is another logfile

Logfile of HijackThis v1.97.7
Scan saved at 15:22:37, on 13-6-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\PROGRA~1\Support.com\bin\tgcmd.exe
C:\PROGRA~1\ISOPRO~1\AimDeaf.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Silvia\Mijn documenten\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchweb2.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.standbyservice.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.arnhem.chello.nl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] c:\PROGRA~1\logitech\MOUSEW~1\system\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NDplDeamon] nstask32.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\PROGRA~1\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [Clockanti] C:\PROGRA~1\ISOPRO~1\AimDeaf.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &IE Toolbar search - res://C:\WINDOWS\Downloaded Program Files\toolbar.dll/SEARCH.HTML
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.standbyservice.nl
O16 - DPF: ChatSpace Full Java Client 2.1.0.89 - http://213.133.40.11:8000/Java/cs4fs089.cab
O16 - DPF: {06EE5631-8B69-4BF6-A531-91BDDF785734} (chelloInstall.Install) - http://quickfix.chello.nl/esupport/asp/chelloInstall.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (chelloInstall.Install) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.229.27.208/activex/AxisCamControl.ocx
O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (LaunchApp.clsDefault) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1A8E090-8560-4CDD-B4F7-A7043F658104}: NameServer = 212.142.28.66,212.142.28.67

Hope it gets solved now.....
That PC of ours is driving me mad.
Good luck
 
Posted by sluys

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pflom.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\pflom.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\pflom.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pflom.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\pflom.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\pflom.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank

O2 - BHO: (no name) - {33214F07-53A1-4410-8C47-31D9834B70A1} - C:\WINDOWS\System32\pflom.dll

O4 - HKLM\..\Run: [Windows Update Process] wmiprvsc.exe

O4 - HKLM\..\RunServices: [Windows Update Process] wmiprvsc.exe
O4 - HKCU\..\Run: [Windows Update Process] wmiprvsc.exe
O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe

O16 - DPF: {10000001-1001-1001-1000-000000000000} - file://C:\Program Files\Internet Explorer\nKeogW.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT!http://66.117.38.54:80/iex/ofile.ex...80/dexBE713.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!

Hi sluys,
First of all, I strongly advise you to put Hijack This in its own separate folder, for example C:\Hijack This\hijackthis.exe. This is because Hijack This makes backups in the folder it runs from. That way you keep things organised and everything together.

Turn off System Restore. This deletes the restore points and therefore also any viruses and trojans that have nested themselves in them.
Restart the PC as requested when turning off System Restore.

Download the Gaobot removal tool. You have a variant of the GaoBot worm.
Now first start that GAObot removal tool and let it scan and fix.

Download CWShredder.
But don't start it yet; we'll do that when we are done with Hijack This.

Now scan again with Hijack This.
In Hijack This, tick all the items above (see quote), or those that are still left after the scan with the GaoBot removal tool.
Close all windows (including Internet Explorer and this page), except Hijack This itself.
Then click "Fix Checked".

Now open CWShredder and click the "Fix" button.
Follow the instructions carefully.

Restart the PC in safe mode.
Make sure that in the folder options of Windows Explorer (menu Tools --> Folder Options --> "View" tab) "Show hidden files and folders" is turned on.

Using Windows Explorer, delete the following items (if still present):

C:\WINDOWS\System32\pflom.dll
c:\windows\winlogon.exe

Restart the PC normally again and scan once more with Hijack This to check that all the junk is gone.
Turn System Restore back on and restart the PC so that you have a restore point again.

Good luck,
Olav
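
The entries quoted from sluys's log share a few recognisable shapes: IE search pages pointing at a `res://` resource inside a DLL, an autostart entry for `winlogon.exe` outside System32, and ActiveX (O16) sources that are not plain http(s). The following is an added example, not part of the original thread or of HijackThis itself; the function names and the three rules are assumptions chosen for illustration, and the sample lines are copied from the quote above plus three ordinary entries from other logs on this page.

```python
import ntpath
import re

# "<code> - <body>" is the shape of every HijackThis result line (R0, O4, O16, ...).
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry autostart: "<key>: [<value name>] <command>"
O4_RE = re.compile(r"^[^:]+: \[[^\]]*\] (.*)$")
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)
RES_ABS_RE = re.compile(r"^res://[a-z]:\\", re.IGNORECASE)

# Processes that the XP logs on this page show running from System32 only.
CORE_PROCESSES = {"winlogon.exe", "services.exe", "lsass.exe", "smss.exe", "svchost.exe"}


def check_r(body):
    """R0/R1: IE start and search page values."""
    value = body.partition(" = ")[2]
    reasons = []
    if RES_ABS_RE.match(value):
        reasons.append("IE page is a res:// resource inside a DLL at an absolute path")
    if value.endswith("(obfuscated)"):
        reasons.append("HijackThis marked the value as obfuscated")
    return reasons


def check_o4(body):
    """O4: a core process name started from somewhere other than System32."""
    m = O4_RE.match(body)
    exe = EXE_RE.match(m.group(1)) if m else None
    if not exe:
        return []
    folder, name = ntpath.split(exe.group(1))
    if name.lower() in CORE_PROCESSES and folder and not folder.lower().endswith("\\system32"):
        return [f"{name} autostarts from {folder}, not from System32"]
    return []


def check_o16(body):
    """O16: ActiveX download source that is not fetched over http(s)."""
    source = body.rsplit(" - ", 1)[-1]
    scheme = source.split(":", 1)[0].lower()
    if scheme not in ("http", "https"):
        return [f"download source uses '{scheme}:' instead of http(s)"]
    return []


CHECKS = {"R": check_r, "O4": check_o4, "O16": check_o16}


def triage(log_text):
    """Return (code, reason, line) for every rule hit, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        check = CHECKS.get("R" if code.startswith("R") else code)
        for reason in (check(body) if check else []):
            findings.append((code, reason, line))
    return findings


# Sample input: lines taken from the logs on this page.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pflom.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O4 - HKLM\..\Run: [Windows Update Process] wmiprvsc.exe
O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {10000001-1001-1001-1000-000000000000} - file://C:\Program Files\Internet Explorer\nKeogW.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {line}")
```

These rules only match on path and scheme, so the `wmiprvsc.exe` entries, which are listed by bare file name, are not flagged; a hit is a prompt for manual review, not a verdict.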
 
Logfile of HijackThis v1.97.7
Scan saved at 15:44:43, on 13-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Iomega Automatic Backup\ibackup.exe
C:\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Norton SystemWorks\Norton GoBack\GBTray.exe
D:\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
D:\WINZIP\winzip32.exe
C:\Documents and Settings\Annie\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [LWBMOUSE] C:\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek (HKLM)
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://H:\content\include\XPPatchInstaller.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38145.4124421296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
Posted by ikbenjamin
Hello,

I keep having a problem with my start page. Every time it resets itself to a certain search page. I have run Ad-aware a few times now. It then removes the spyware, but often it is simply back again a little later. I have also run Hijack This a few times and fixed certain things. Still the problem keeps occurring. Who knows how I can solve this problem? My log is below. In any case, thanks in advance.

Regards, Ikbenjamin



Hello ikbenjamin,
I can't find anything in your log. Come back when that start page is bothering you again, but then do NOT fix things in Hijack This yourself first. Otherwise we naturally can't do anything.

In addition, I strongly advise you to put Hijack This in its own separate folder, for example C:\Hijack This\hijackthis.exe. This is because Hijack This makes backups in the folder it runs from. That way you keep things tidy and all together, and we could have restored items to fix the problem after all. In your case it cannot make backups because you run it directly from the zip file.

Update Windows and Internet Explorer. Your Windows and Internet Explorer are outdated, so they contain holes that were fixed long ago with updates. Through those "holes", worms, viruses, trojans, spyware and adware can get in more easily.

Olav
 
Re: "ajuto"

Posted by r.van.tilburg
I have been following everything on this forum for a while now. I have already tried all sorts of things. Yesterday I had Spybot run a scan. Today Ad Aware (after an update and a restart at around 11 o'clock).
Just now also a bitrate online scan.. I now have the following log.. does anyone have time to look at it?
Regards, Raymond

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)

O3 - Toolbar: first pile bolt - {57733380-BBB2-01C1-3BCD-C971921161B6} - C:\PROGRA~1\ATOMPO~1\Knobcash.dll (file missing)

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [jcnscdlfhgq] C:\WINDOWS\System32\jesigxqm.exe

O4 - HKLM\..\Run: [CLSID] C:\WINDOWS\System32\com.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
Hi r.van.tilburg,

In Hijack This, tick all the items above (see quote).
Close all windows except Hijack This itself.
Then click "Fix Checked".

Restart the PC in safe mode.
Make sure that in the folder options of Windows Explorer (menu Tools --> Folder Options --> "View" tab) "Show hidden files and folders" is turned on.

Using Windows Explorer, delete the following items (if still present):
C:\Windows\System32\wsaupdater.exe <-- file
C:\WINDOWS\System32\jesigxqm.exe <-- file
C:\WINDOWS\System32\com.exe <-- file

Restart the PC normally again and scan once more with Hijack This to check whether all the junk is gone.

Good luck,
Olav
 
Logfile of HijackThis v1.97.7
Scan saved at 16:24:41, on 13/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\sncntr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System\hppropty.exe
C:\WINDOWS\System32\com.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Digital Image\Monitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Office XP\Office10\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\Kazaa Lite K++\My Shared Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/NowOnline/Portal/portal.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/NowOnline/Portal/portal.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///C:/Program%20Files/QuickPage/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {02A2F765-7168-4A6E-8A9B-4CCA82052788} - C:\WINDOWS\fyrsb.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0B90AA1B-F649-44C3-9FD3-736C332CBBCF} - (no file)
O2 - BHO: (no name) - {1A30C10E-21C7-4F9F-BBA0-D3C818883E94} - C:\WINDOWS\jjuhscmrk.dll
O2 - BHO: (no name) - {1ECCCDB9-9125-43EA-9FB6-40B19F7E5BEF} - C:\WINDOWS\ckvntns.dll
O2 - BHO: (no name) - {22BDCBDA-1BC7-48D6-AF57-F0EFC9CA99A2} - C:\WINDOWS\jkogxba.dll
O2 - BHO: (no name) - {498F9234-31DB-463B-9E21-B0BA8779DC3C} - C:\WINDOWS\qmrw.dll
O2 - BHO: (no name) - {4D3D9CEB-E172-4A4D-815E-463833043B8C} - C:\WINDOWS\yueam.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C1B579D-3479-4300-95A6-9248892D43DE} - C:\WINDOWS\hjojajcv.dll
O2 - BHO: (no name) - {5C789D14-0E34-40AB-9801-90ADF462003C} - C:\WINDOWS\hfkvoxy.dll
O2 - BHO: (no name) - {77CF31DD-DDA0-4FA2-A20C-D2DDB748DD51} - C:\WINDOWS\dpmu.dll
O2 - BHO: (no name) - {8FA78065-E8DA-47A0-A0B8-705F7A5D2C34} - C:\WINDOWS\zbywtn.dll
O2 - BHO: (no name) - {9CA21756-B752-4AE4-892B-0BD7B7A505A2} - C:\WINDOWS\onalnsq.dll
O2 - BHO: (no name) - {A2AA7C97-6462-488C-8CF3-1B9CBE3957EC} - C:\WINDOWS\woxqjw.dll
O2 - BHO: (no name) - {A847F838-1C58-4E8B-977F-7C222B889F3E} - C:\WINDOWS\rfcvprd.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B9A3F496-D4A6-4020-B043-58CF8BE5FAAC} - C:\WINDOWS\tiqjip.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BEB1FC54-DA62-4E61-BC20-D038830DAB6C} - C:\WINDOWS\vcgtumo.dll
O2 - BHO: (no name) - {C642C395-B54D-4677-AE36-BAE4803A98DD} - C:\WINDOWS\kWG63V5V7.dll (file missing)
O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O2 - BHO: (no name) - {F0BDD6E6-575D-4E39-871B-15D8024647AE} - C:\WINDOWS\gqflvryqc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
O4 - HKLM\..\Run: [BIOVFLS] C:\WINDOWS\BIOVFLS.exe
O4 - HKLM\..\Run: [nortonupdate] nortonuptdate.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP LaserJet ToolBox] hppropty.exe
O4 - HKLM\..\Run: [hop] C:\WINDOWS\hop.exe
O4 - HKLM\..\Run: [CLSID] C:\WINDOWS\System32\com.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &search with URSEARCH Toolbar - res://C:\Program Files\ursearch\ursearch.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI01DA~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.be
O16 - DPF: Dexia Netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {214868A8-F71B-473E-8ECF-6EE1DE6B91D8} - http://pms.localscripts.nl/plugins/3/ms7531_be.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {65B818E1-F4D8-4F96-A1DF-35F3D1C86194} - http://bins.roings.com/mp3.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://virusscan.zdnet.nl/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37867.6069328704
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mp3.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B714E767-C570-4547-9C7C-BE6B8A715032}: NameServer = 62.235.14.4 62.235.13.199
 
Logfile of HijackThis v1.97.7
Scan saved at 16:22:19, on 13-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Iomega Automatic Backup\ibackup.exe
C:\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Norton SystemWorks\Norton GoBack\GBTray.exe
D:\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\WINZIP\winzip32.exe
C:\Documents and Settings\Annie\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [LWBMOUSE] C:\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek (HKLM)
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://H:\content\include\XPPatchInstaller.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38145.4124421296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

I did unpack it; is this one not right either?

Greetings from Annie
 
Posted by Annie42
C:\Documents and Settings\Annie\Local Settings\Temp\HijackThis.exe

I did unpack it; is this one not right either?
The line above shows that Hijack This is still in your Temp folder.
So unfortunately it has not been unpacked.
Unpack the file to a separate folder.
For example C:\Hijack this\Hijack this.exe
 
Posted by Annie42
Logfile of HijackThis v1.97.7
Scan saved at 16:22:19, on 13-6-2004
(.....)
I did unpack it; is this one not right either?

Greetings from Annie

Hi Annie,

You posted it correctly! Now just wait for a reply from the experts who will check your log for junk!

Regards,
Hans
 
Re: Loggetje

Posted by Weirdo
Hi hi, I had some problems with my computer, such as very few system resources free, or when I start the PC it says there is no internet connection (I have cable internet), and then I can click on work offline or try again; if I click on try again, nothing is wrong. Someone in the chat advised me to do what is described in this topic.

I first ran Adaware and then Spybot S&D. After that I made a log:

O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup **
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp **

O4 - HKLM\..\RunServices: [HC Reminder] hc.exe **

O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon **
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" **
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart **
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background **

I hope you can help me, thanks in advance.

Hello Weirdo,
Free of spyware and adware. There are, however, a number of start-ups that are not really necessary and that may make your system resources a bit low.
To fix those, tick all the items above (see quote).
Close all windows except Hijack This itself.
Then click "Fix Checked".

After that, restart the PC.
Good luck,
Olav
 
Logfile of HijackThis v1.97.7
Scan saved at 16:31:17, on 13-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\drivers\etc\winlogon.exe
F:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\winlogon.exe
F:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\winlogon.exe
F:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\csrss.exe
F:\WINDOWS\system32\dllcache\win32\winlogon.exe
F:\WINDOWS\system32\dllcache\win32\winlogon.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\drivers\etc\winlogon.exe
F:\WINDOWS\system32\drivers\etc\win32.exe
F:\WINDOWS\system32\drivers\etc\winlogon.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Voetbal International\WatchDog.Exe
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\WINDOWS\System32\f0r0r\dirote.exe
F:\WINDOWS\System32\mslog21.exe
F:\WINDOWS\System32\postfix.exe
F:\WINDOWS\System32\desktop.exe
F:\WINDOWS\System32\MSlti32.exe
F:\WINDOWS\System32\msgfix32.exe
F:\WINDOWS\System32\luazool.exe
F:\WINDOWS\System32\postfix.exe
F:\WINDOWS\System32\msgfix32.exe
F:\WINDOWS\System32\f0r0r\ppi.exe
F:\WINDOWS\System32\devldr32.exe
F:\Documents and Settings\Rens\Mijn documenten\OsmScript3\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onlinesoccermanager.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.alcatel.com/consumer/dsl/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Update] luazool.exe
O4 - HKLM\..\Run: [rn4d] F:\WINDOWS\System32\f0r0r\kolder.exe F:\WINDOWS\System32\f0r0r\dirote.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WatchDogExe] F:\Program Files\Voetbal International\WatchDog.Exe
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MSZTCE] F:\WINDOWS\System32\MSZTCE.EXE
O4 - HKLM\..\Run: [Microsoft Windows Update] mslog21.exe
O4 - HKLM\..\Run: [Configuration Loader] postfix.exe
O4 - HKLM\..\Run: [Microsoft AUT Update] MSlti32.exe
O4 - HKLM\..\Run: [System Configuration Loader] msgfix32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] luazool.exe
O4 - HKLM\..\RunServices: [telnet2] F:\WINDOWS\System32\winlogon.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] mslog21.exe
O4 - HKLM\..\RunServices: [Configuration Loader] postfix.exe
O4 - HKLM\..\RunServices: [Microsoft AUT Update] MSlti32.exe
O4 - HKLM\..\RunServices: [System Configuration Loader] msgfix32.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...le.com/saba/nl/win/QuickTimeFullInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38117.018599537
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2288B6F-83C7-47BB-AC72-8A8759EB7156}: NameServer = 194.134.5.5 194.134.0.97




thanks in advance :D
 
Posted by Rens0ont

O4 - HKLM\..\Run: [Microsoft Update] luazool.exe
O4 - HKLM\..\Run: [rn4d] F:\WINDOWS\System32\f0r0r\kolder.exe F:\WINDOWS\System32\f0r0r\dirote.exe

O4 - HKLM\..\Run: [MSZTCE] F:\WINDOWS\System32\MSZTCE.EXE
O4 - HKLM\..\Run: [Microsoft Windows Update] mslog21.exe
O4 - HKLM\..\Run: [Configuration Loader] postfix.exe
O4 - HKLM\..\Run: [Microsoft AUT Update] MSlti32.exe
O4 - HKLM\..\Run: [System Configuration Loader] msgfix32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] luazool.exe
O4 - HKLM\..\RunServices: [telnet2] F:\WINDOWS\System32\winlogon.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] mslog21.exe
O4 - HKLM\..\RunServices: [Configuration Loader] postfix.exe
O4 - HKLM\..\RunServices: [Microsoft AUT Update] MSlti32.exe
O4 - HKLM\..\RunServices: [System Configuration Loader] msgfix32.exe

O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab

Hi Rens0ont,

Stop these two processes:
F:\WINDOWS\System32\f0r0r\dirote.exe
F:\WINDOWS\System32\f0r0r\ppi.exe

Then tick the items above in HijackThis and click Fix checked.

Then start your computer in safe mode and delete:
F:\WINDOWS\System32\f0r0r <= the whole folder
F:\WINDOWS\System32\mslog21.exe
F:\WINDOWS\System32\postfix.exe
F:\WINDOWS\System32\MSlti32.exe
F:\WINDOWS\System32\msgfix32.exe
F:\WINDOWS\System32\luazool.exe
F:\WINDOWS\System32\postfix.exe

Then start up normally and do an online virus scan, e.g. at www.housecall.nl

Regards,

Pieter
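
Added example (not part of any post in this thread, and not HijackThis's own logic): a Python triage pass over HijackThis log lines that automates the checks the helpers above make by eye, including the Temp-folder check from the replies to ikbenjamin and Annie. The rule set, the reason strings and the table of expected folders are assumptions of this example, and a hit is a prompt to look closer, not a verdict, since legitimate entries such as `nwiz.exe /install` also lack a path.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample: individual lines copied from several logs in this thread.
SAMPLE_LOG = r"""Running processes:
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\drivers\etc\winlogon.exe
F:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\csrss.exe
F:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Annie\Local Settings\Temp\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: first pile bolt - {57733380-BBB2-01C1-3BCD-C971921161B6} - C:\PROGRA~1\ATOMPO~1\Knobcash.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Update] luazool.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [telnet2] F:\WINDOWS\System32\winlogon.exe
"""

# Assumption: core Windows XP processes and the one folder each normally runs
# from, for an install whose Windows directory is named WINDOWS (any drive).
SYS32 = r"\windows\system32"
CORE_DIRS = {"smss.exe": SYS32, "winlogon.exe": SYS32, "services.exe": SYS32,
             "lsass.exe": SYS32, "csrss.exe": SYS32, "svchost.exe": SYS32,
             "explorer.exe": r"\windows"}

# Reason strings (hypothetical wording chosen for this example).
R_TEMP = "HijackThis runs from a Temp folder, so it keeps no usable backups"
R_CORE_PATH = "system process name running outside its normal folder"
R_USERINIT = "UserInit starts something other than userinit.exe"
R_ORPHAN = "browser add-on still registered but its file is gone"
R_CORE_AUTORUN = "autostart entry launches a system process name"
R_NO_PATH = "autostart entry gives a bare file name, no folder"

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - ..."
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")          # a running-process line


def exe_of(command):
    """Return the program part of an O4 command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|com|bat|cmd))\b", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]


def triage(log_text):
    """Return (line, reason) pairs for log lines that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m is None:
            if DRIVE_PATH.match(line):
                name, folder = basename(line).lower(), dirname(line).lower()
                if name == "hijackthis.exe" and re.search(r"\\temp(\\|$)", folder):
                    findings.append((line, R_TEMP))
                elif name in CORE_DIRS and folder[2:] != CORE_DIRS[name]:
                    findings.append((line, R_CORE_PATH))
            continue
        code, body = m.groups()
        if code == "F2" and "userinit=" in body.lower():
            items = [p.strip() for p in body.split("=", 1)[1].split(",")]
            if any(p and basename(p).lower() != "userinit.exe" for p in items):
                findings.append((line, R_USERINIT))
        elif code in ("O2", "O3") and re.search(r"\((no file|file missing)\)\s*$", body):
            findings.append((line, R_ORPHAN))
        elif code == "O4" and "]" in body:      # registry Run* entries only
            exe = exe_of(body.split("]", 1)[1])
            if basename(exe).lower() in CORE_DIRS:
                findings.append((line, R_CORE_AUTORUN))
            elif "\\" not in exe:
                findings.append((line, R_NO_PATH))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```
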
 