Helpmij anti-spyware offensive (part 5)

Status
Not open for further replies.
Re: problem with About blank

Posted by themusicmaster

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {2C47E858-C9AD-4C38-9D4D-D0DD9D9BFBFA} - C:\WINDOWS\System32\hmhh.dll

Hi themusicmaster,

Read this one for the instructions:
http://www.helpmij.nl/forum/showthread.php?threadid=168347

Regards,

Pieter
 
Posted by Pieter Arntz


Missed that indeed. But it is clean.

Regards,

Pieter

That's very nice, but I still have the problem that, apart from a few pages, I get messages like "Bewerking afgebroken", "Pagina niet beschikbaar", and red crosses.
 
Posted by hompiedompie


That's very nice, but I still have the problem that, apart from a few pages, I get messages like "Bewerking afgebroken", "Pagina niet beschikbaar", and red crosses.

This can be all sorts of things:
Firewall, DNS problem, damaged IE or Windows components, etc.

Regards,

Pieter
 
Start page problems

Hey Pieter, we'll get there.

I was able to end both processes, however I could not find these files and so could not delete them either:
c:/windows/sdknr.exe
c:/windows/javagl.dat (but c:/windows/javagl.exe was there)
c:/windows/uauve.dll

In c:/windows/prefect there was a pf file with the name sdknr.exe-.....

I always just look for them via My Computer --> c: --> windows, that is the way to do it, right?

I'm reporting this first before I go on.

Kind regards,
 
Dear Pieter, I hope you haven't forgotten me. If you don't know a solution, I have only one choice: format c:.

Regards
 
Re: Start page problems

Posted by Maniac
Hey Pieter, we'll get there.

I was able to end both processes, however I could not find these files and so could not delete them either:
c:/windows/sdknr.exe
c:/windows/javagl.dat (but c:/windows/javagl.exe was there)
c:/windows/uauve.dll

In c:/windows/prefect there was a pf file with the name sdknr.exe-.....

I always just look for them via My Computer --> c: --> windows, that is the way to do it, right?

I'm reporting this first before I go on.

Kind regards,

Your computer is really lightning fast at replacing those files.
javagl.dll => javagl.dat => javagl.exe
I hope you have broken that chain by deleting javagl.exe.

pf files are harmless in themselves, but you can delete all of them once everything is over.

Regards,

Pieter
 
Posted by Önder
Dear Pieter, I hope you haven't forgotten me. If you don't know a solution, I have only one choice: format c:.

Regards

Hi Önder,

I haven't forgotten you, but given all the problems you have with things that don't work for inexplicable reasons, formatting doesn't seem like such a bad option to me.

The choice is yours, naturally.
Let me know. I'm happy to keep helping you. Only, chat is not an option for me.

Regards,

Pieter
 
Okay then, this is my question: do you have any other solutions? If so, please; if not, too bad. :thumb:
I really appreciate it, you put so much free time into spyware.

Regards
 
Dear Pieter, this came out of my PC after 2 hours of virus scanning. Maybe it has wiped something ''good''. I was advised to post it here.

C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\Del1.tmp infected: Adware.1088
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\Del1.tmp deleted
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\Del2.tmp infected: Adware.1088
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\Del2.tmp deleted
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\Del3.tmp infected: Adware.1088
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\Del3.tmp deleted
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\Del3EC.tmp infected: Adware.1088
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\Del3EC.tmp deleted
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\FLEOK\msbb.exe infected: Adware.1088
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\FLEOK\msbb.exe deleted
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\istsv_.exe infected: Trojan.Downloader.IstBar.BO
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\istsv_.exe deleted
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\ist_install.exe=>(Upx) infected: Trojan.Downloader.IstBar.EH
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\ist_install.exe deleted
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\ncmyb.dll infected: Adware.1088
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\ncmyb.dll deleted
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\optimize.exe=>(Upx) infected: Trojan.Downloader.Dyfuca.BQ
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\optimize.exe deleted
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\Temporary Internet Files\Content.IE5\SOIJ0VW1\istsvc[1].exe=>(Upx) infected: Trojan.IstSvc.A
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\Temporary Internet Files\Content.IE5\SOIJ0VW1\istsvc[1].exe deleted
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\THI26DE.tmp\preInsTT.exe infected: Adware.Serchentrix.A
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\THI26DE.tmp\preInsTT.exe deleted
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\THI26DE.tmp\twaintec.dll infected: Trojan.Spy.BiSpy.C
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\THI26DE.tmp\twaintec.dll deleted
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\whenu.exe infected: Trojan.Adware.Whenu.B
C:\Documents and Settings\Dogan.SN031290320512\Local Settings\Temp\whenu.exe deleted
C:\Documents and Settings\Onder Dogan\Local Settings\Temp\cln4.tmp infected: Trojan.Downloader.Dyfuca.BW
C:\Documents and Settings\Onder Dogan\Local Settings\Temp\cln4.tmp deleted
C:\Documents and Settings\Recep\Application Data\tsst.exe=>(Upx) infected: Trojan.Adware.BuddyLinks.A
C:\Documents and Settings\Recep\Application Data\tsst.exe deleted
C:\Documents and Settings\Recep\Local Settings\Temp\bi.exe infected: Trojan.Spy.BI.Dropper
C:\Documents and Settings\Recep\Local Settings\Temp\bi.exe deleted
C:\Documents and Settings\Recep\Local Settings\Temp\dload.exe.tcf=>(Upx) infected: Trojan.Downloader.Small.AA
C:\Documents and Settings\Recep\Local Settings\Temp\dload.exe.tcf deleted
C:\Documents and Settings\Recep\Local Settings\Temp\ICD1.tmp\f3Setup1.exe infected: Trojan.Dropper.FunWeb.A
C:\Documents and Settings\Recep\Local Settings\Temp\ICD1.tmp\f3Setup1.exe deleted
C:\Documents and Settings\Recep\Local Settings\Temp\ist_install.exe=>(Upx) infected: Trojan.Downloader.IstBar.CY
C:\Documents and Settings\Recep\Local Settings\Temp\ist_install.exe deleted
C:\Documents and Settings\Recep\Local Settings\Temp\u070104.exe infected: Trojan.Downloader.Small.FV
C:\Documents and Settings\Recep\Local Settings\Temp\u070104.exe deleted
C:\Documents and Settings\Recep\Mijn documenten\LOMALKA[1].RU-SimCity_3000\awi.exe=>(Upx) infected: Trojan.Downloader.INService.A
C:\Documents and Settings\Recep\Mijn documenten\LOMALKA[1].RU-SimCity_3000\awi.exe deleted
C:\Documents and Settings\Recep\Mijn documenten\SimCity3000crackFHCF\crack.exe infected: Trojan.Dropper.Bridge.A
C:\Documents and Settings\Recep\Mijn documenten\SimCity3000crackFHCF\crack.exe deleted
C:\Documents and Settings\Recep\Mijn documenten\Simcity3000keygeneYE\crack.exe infected: Trojan.Dropper.Bridge.A
C:\Documents and Settings\Recep\Mijn documenten\Simcity3000keygeneYE\crack.exe deleted
C:\Documents and Settings\Recep\Mijn documenten\SimCity_3000_by_Birdyman\crack.exe infected: Trojan.Dropper.Bridge.A
C:\Documents and Settings\Recep\Mijn documenten\SimCity_3000_by_Birdyman\crack.exe deleted
C:\Documents and Settings\Recep\Mijn documenten\SimCity_3000_Money_Trainer_+1\crack.exe infected: Trojan.Dropper.Bridge.A
C:\Documents and Settings\Recep\Mijn documenten\SimCity_3000_Money_Trainer_+1\crack.exe deleted
C:\Documents and Settings\Önder.SN031290320512.001\Application Data\tsst.exe=>(Upx) infected: Trojan.Adware.BuddyLinks.A
C:\Documents and Settings\Önder.SN031290320512.001\Application Data\tsst.exe deleted
C:\Documents and Settings\Önder.SN031290320512.001\Local Settings\Temp\Belt.exe infected: Trojan.Downloader.Stubby.A
C:\Documents and Settings\Önder.SN031290320512.001\Local Settings\Temp\Belt.exe deleted
C:\Documents and Settings\Önder.SN031290320512.001\Local Settings\Temp\bi.exe infected: Trojan.Spy.BI.Dropper
C:\Documents and Settings\Önder.SN031290320512.001\Local Settings\Temp\bi.exe deleted
C:\Documents and Settings\Önder.SN031290320512.001\Local Settings\Temp\biprep.exe infected: Trojan.Spy.BI
C:\Documents and Settings\Önder.SN031290320512.001\Local Settings\Temp\biprep.exe deleted
C:\Documents and Settings\Önder.SN031290320512.001\Local Settings\Temp\cln39.tmp infected: Trojan.Downloader.Dyfuca.AC
C:\Documents and Settings\Önder.SN031290320512.001\Local Settings\Temp\cln39.tmp deleted
C:\Documents and Settings\Önder.SN031290320512.001\Local Settings\Temp\cln3A.tmp infected: Trojan.Downloader.Dyfuca.V
C:\Documents and Settings\Önder.SN031290320512.001\Local Settings\Temp\cln3A.tmp deleted
C:\Documents and Settings\Önder.SN031290320512.001\Local Settings\Temp\msbb.exe infected: Application.Adware.180solutions.A
C:\Documents and Settings\Önder.SN031290320512.001\Local Settings\Temp\msbb.exe deleted
C:\Documents and Settings\Önder.SN031290320512.001\Local Settings\Temp\optimize.exe infected: Trojan.Downloader.Dyfuca.AK
C:\Documents and Settings\Önder.SN031290320512.001\Local Settings\Temp\optimize.exe deleted
C:\Documents and Settings\Önder.SN031290320512.001\Local Settings\Temp\THI113F.tmp\preInsTT.exe infected: Adware.Serchentrix.A
C:\Documents and Settings\Önder.SN031290320512.001\Local Settings\Temp\THI113F.tmp\preInsTT.exe deleted
C:\Documents and Settings\Önder.SN031290320512.001\Local Settings\Temp\THI113F.tmp\twaintec.dll infected: Trojan.Spy.BiSpy.C
C:\Documents and Settings\Önder.SN031290320512.001\Local Settings\Temp\THI113F.tmp\twaintec.dll deleted
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040417-215304-468.dll infected: Application.IESearchBar
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040417-215304-468.dll deleted
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040417-215304-502.dll infected: Trojan.Clicker.Delf.R
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040417-215304-502.dll deleted
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040417-215305-707.dll infected: Trojan.Downloader.Bridge.A
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040417-215305-707.dll deleted
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040622-225534-442.dll=>(Upx) infected: Trojan.Downloader.IstBar.DW
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040622-225534-442.dll deleted
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040623-153650-172.dll infected: Trojan.Downloader.Dyfuca.AG
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040623-153650-172.dll deleted
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040623-153650-532.dll infected: Trojan.Clicker.Delf.R
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040623-153650-532.dll deleted
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040623-153650-613.dll infected: Trojan.Download.Dyfuca.AD
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040623-153650-613.dll deleted
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040623-153650-690.dll infected: Trojan.Downloader.Bridge.A
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040623-153650-690.dll deleted
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040625-184447-224.dll infected: Trojan.Downloader.Agent.AP
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040625-184447-224.dll deleted
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040625-184646-865.dll infected: Trojan.Downloader.Agent.AP
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040625-184646-865.dll deleted
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040625-195758-778.dll infected: Trojan.Downloader.Agent.AP
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040625-195758-778.dll deleted
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040625-222010-381.dll infected: Trojan.Downloader.Agent.AP
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\backup-20040625-222010-381.dll deleted
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\file3\crack.exe infected: Trojan.Dropper.Bridge.A
C:\Documents and Settings\Önder.SN031290320512.001\Mijn documenten\file3\crack.exe deleted
C:\My Shared Folder\Counter-Strike CD Key-Generator (1) - Full Version.exe infected: Trojan.StomCC.A
C:\My Shared Folder\Counter-Strike CD Key-Generator (1) - Full Version.exe deleted
C:\Program Files\180Search\FLEOK\msbb.exe infected: Adware.1088
C:\Program Files\180Search\FLEOK\msbb.exe deleted
C:\Program Files\180Search\msbb.exe infected: Adware.1088
C:\Program Files\180Search\msbb.exe deleted
C:\Program Files\180Search\ncmyb.dll infected: Adware.1088
C:\Program Files\180Search\ncmyb.dll deleted
C:\Program Files\HTTP Brute Forcer\HTTP Brute Forcer.exe infected: Application.Tool.HTTPBForce.A
C:\Program Files\HTTP Brute Forcer\HTTP Brute Forcer.exe deleted
C:\Program Files\Maxis\SimCity 3000\crack.exe infected: Trojan.Dropper.Bridge.A
C:\Program Files\Maxis\SimCity 3000\crack.exe deleted
C:\RECYCLER\S-1-5-21-252549845-1489447184-2731216593-1005\Dc4\iesearchbar.dll infected: Application.IESearchBar
C:\RECYCLER\S-1-5-21-252549845-1489447184-2731216593-1005\Dc4\iesearchbar.dll deleted
C:\RECYCLER\S-1-5-21-252549845-1489447184-2731216593-1005\Dc5.dll infected: Trojan.Downloader.Bridge.A
C:\RECYCLER\S-1-5-21-252549845-1489447184-2731216593-1005\Dc5.dll deleted
C:\RECYCLER\S-1-5-21-252549845-1489447184-2731216593-1005\Dc6.exe infected: Trojan.Downloader.Stubby.A
C:\RECYCLER\S-1-5-21-252549845-1489447184-2731216593-1005\Dc6.exe deleted
C:\RECYCLER\S-1-5-21-4007134586-3071277128-4237172653-1009\Dc13.exe infected: Trojan.Downloader.Stubby.A
C:\RECYCLER\S-1-5-21-4007134586-3071277128-4237172653-1009\Dc13.exe deleted
C:\RECYCLER\S-1-5-21-4007134586-3071277128-4237172653-1009\Dc16\slmss.exe=>(Upx) infected: Trojan.SecondThought.A
C:\RECYCLER\S-1-5-21-4007134586-3071277128-4237172653-1009\Dc16\slmss.exe deleted
C:\sp.exe infected: Trojan.NSearch.A
C:\sp.exe deleted
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP1\A0000107.COM suspect: Dos.BootInfector
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP1\A0000107.COM copied
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP14\A0005195.exe infected: Trojan.Downloader.Dyfuca.AC
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP14\A0005195.exe copied
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP14\A0005196.exe infected: Trojan.Downloader.Dyfuca.AC
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP14\A0005196.exe copied
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP19\A0007646.exe infected: Trojan.Adware.Whenu.B
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP19\A0007646.exe copied
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP23\A0009332.exe infected: Adware.1088
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP23\A0009332.exe copied
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP24\A0009374.exe infected: Adware.1088
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP24\A0009374.exe copied
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP24\A0011395.exe infected: Adware.1088
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP24\A0011395.exe copied
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP24\A0011398.exe infected: Trojan.Downloader.Istbar.DX
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP24\A0011398.exe copied
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP25\A0011823.DLL infected: Trojan.Keylogger.HotKeysHook.A
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP25\A0011823.DLL copied
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP26\A0011879.exe infected: Trojan.Spy.Briss.E
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP26\A0011879.exe copied
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP39\A0016336.exe infected: Win32.Netsky.AA@mm
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP39\A0016336.exe copied
 
ctlonp.dll

Hi Pieter,

I cannot delete ctlonp.dll with the recovery console.
It says access denied.

Regards,

bob
 
Start page problems

Okay Pieter, I have added the reg file to the registry and run Ad-Aware. What now?

Regards
 
Re: Start page problems

Posted by Maniac
Okay Pieter, I have added the reg file to the registry and run Ad-Aware. What now?

Regards

Please post a new log :)
 
Posted by Önder
Okay then, this is my question: do you have any other solutions? If so, please; if not, too bad. :thumb:
I really appreciate it, you put so much free time into spyware.

Regards

Hi Önder,

I would like to find out how that strange hijack of yours works.

Do you know how to search the registry yourself?

Click Start > Run > regedit > OK
In the Registry Editor, select "My Computer" and click Edit > Find
In the window you then enter what you are looking for. Then click Find Next. If something is found, note it down and then press F3 to go to the next one.

In your virus scan I see spyware and trojans, but no really dangerous viruses that infect Windows files or the like. A fairly large part (1/3) was still in restore points, and in HijackThis backups too.

Regards,

Pieter
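
Added example, not part of Pieter's post or of any tool named in the thread: a Python script that sorts scanner hits by where the file was found, showing how many are stored copies (restore points, recycle bin, HijackThis backups) and which ones the scanner did not delete. The sample lines are constructed in the format of the scan log posted above, and the bucket names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the format of the scan log posted in the thread
# (user name, SID and restore GUID are placeholders).
SAMPLE_LOG = r"""
C:\Documents and Settings\User\Local Settings\Temp\bi.exe infected: Trojan.Spy.BI.Dropper
C:\Documents and Settings\User\Local Settings\Temp\bi.exe deleted
C:\Documents and Settings\User\Local Settings\Temp\ist_install.exe=>(Upx) infected: Trojan.Downloader.IstBar.CY
C:\Documents and Settings\User\Local Settings\Temp\ist_install.exe deleted
C:\Documents and Settings\User\Mijn documenten\backup-20040417-215304-468.dll infected: Application.IESearchBar
C:\Documents and Settings\User\Mijn documenten\backup-20040417-215304-468.dll deleted
C:\Program Files\180Search\msbb.exe infected: Adware.1088
C:\Program Files\180Search\msbb.exe deleted
C:\RECYCLER\S-1-5-21-0-0-0-1000\Dc5.dll infected: Trojan.Downloader.Bridge.A
C:\RECYCLER\S-1-5-21-0-0-0-1000\Dc5.dll deleted
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP14\A0005195.exe infected: Trojan.Downloader.Dyfuca.AC
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP14\A0005195.exe copied
"""

# "<path>[=>(packer)] infected|suspect: <detection name>"
DETECTION = re.compile(
    r"^(?P<path>.+?)(?:=>\((?P<packer>\w+)\))? (?P<kind>infected|suspect): (?P<name>\S+)$"
)
# "<path> deleted|copied" reports what the scanner did with the file
ACTION = re.compile(r"^(?P<path>.+) (?P<action>deleted|copied)$")
# HijackThis backup file names as they appear in the log
HJT_BACKUP = re.compile(r"\\backup-\d{8}-\d{6}-\d{3}\.dll$")
STORED_COPIES = {"restore point", "recycle bin", "HijackThis backup"}


def location(path):
    """Bucket a file path by the kind of place it was found in."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore point"
    if "\\recycler\\" in p:
        return "recycle bin"
    if HJT_BACKUP.search(p):
        return "HijackThis backup"
    if "\\temp\\" in p:
        return "temp folder"
    return "other"


def parse_scan_log(text):
    """Pair every detection line with the action line that follows it."""
    findings, by_path = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECTION.match(line)
        if m:
            finding = {
                "path": m["path"],
                "packer": m["packer"],
                "kind": m["kind"],
                "name": m["name"],
                "location": location(m["path"]),
                "action": None,  # stays None if the log has no action line
            }
            findings.append(finding)
            by_path[m["path"].lower()] = finding
            continue
        m = ACTION.match(line)
        if m and m["path"].lower() in by_path:
            by_path[m["path"].lower()]["action"] = m["action"]
    return findings


def summarize(findings):
    """Count hits per location and list files that were not deleted."""
    counts = Counter(f["location"] for f in findings)
    stored = sum(n for loc, n in counts.items() if loc in STORED_COPIES)
    return {
        "total": len(findings),
        "by_location": dict(counts),
        "stored_copy_share": stored / len(findings) if findings else 0.0,
        "not_deleted": [f["path"] for f in findings if f["action"] != "deleted"],
    }


if __name__ == "__main__":
    summary = summarize(parse_scan_log(SAMPLE_LOG))
    for loc, n in sorted(summary["by_location"].items()):
        print(f"{n:3d}  {loc}")
    print("share in stored copies:", summary["stored_copy_share"])
    print("not deleted:", *summary["not_deleted"], sep="\n  ")
```
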
 
Start page problems

Here is my log file; by the way, I have not restarted the PC yet.

Logfile of HijackThis v1.97.7
Scan saved at 12:07:21, on 28-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Dit.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\WINDOWS\System32\PRISMSTA.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Henk Suichies\Mijn documenten\Mijn programma's\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.innova-webplaner.de/innova/pano/prog/HOL/rundum.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37899.1631597222
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Regards
 
@Maniac

I see that you have WildTangent on the PC, or at least the remains of it.

Remove these with the help of SpySweeper
 
Re: ctlonp.dll

Posted by jabo10
Hi Pieter,

I cannot delete ctlonp.dll with the recovery console.
It says access denied.

Regards,

bob

Hi jabo10,

You booted from the CD (or floppies) and then use the command:
del C:\WINDOWS\System32\ctlonp.dll ?

When you then use exit, your computer restarts (don't forget to set the boot order back or take the floppies out)

Regards,

Pieter
 
Re: Start page problems

Posted by Maniac
Here is my log file; by the way, I have not restarted the PC yet.

Well done.

Copy the following into Notepad.
Name the file Appinit.bat
Save it on your desktop

Reg save "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" windows1.hiv
ren windows1.hiv windows.txt

Double-click Appinit.bat
A file windows.txt will be created on your desktop.
Post its contents.

Regards,

Pieter
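
Added example, not part of Pieter's post: `reg save` writes a binary hive rather than text, so this Python script pulls the readable ASCII and UTF-16LE strings out of such a file and lists any that name a DLL, which is what matters for the AppInit_DLLs value stored in this key. The sample bytes are constructed and only imitate the look of a hive, not its real record layout; `example.dll` is a placeholder.

```python
import re

# Printable runs of at least four characters, in the two encodings a hive uses:
# plain ASCII and UTF-16LE (each character followed by a zero byte).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")
DLL_NAME = re.compile(r"\.dll\b", re.IGNORECASE)

# Constructed sample bytes: a value name stored as ASCII and string data
# stored as UTF-16LE, separated by filler. Not a valid hive.
SAMPLE_HIVE = (
    b"regf" + bytes(28)
    + b"vk" + bytes(18) + b"AppInit_DLLs" + bytes(8)
    + "C:\\WINDOWS\\System32\\example.dll".encode("utf-16-le") + b"\x00\x00"
    + b"vk" + bytes(18) + b"Spooler" + bytes(9)
    + "yes".encode("utf-16-le") + b"\x00\x00"
)


def hive_strings(blob):
    """Return (offset, text) for every readable run, in file order."""
    found = [(m.start(), m.group().decode("ascii"))
             for m in ASCII_RUN.finditer(blob)]
    found += [(m.start(), m.group().decode("utf-16-le"))
              for m in UTF16_RUN.finditer(blob)]
    return sorted(found)


def dll_references(blob):
    """Strings in the export that mention a DLL; each one deserves a look."""
    return [text for _, text in hive_strings(blob) if DLL_NAME.search(text)]


def has_value_name(blob, name="AppInit_DLLs"):
    """True if the value name appears anywhere in the export."""
    return any(text == name for _, text in hive_strings(blob))


if __name__ == "__main__":
    print("AppInit_DLLs present:", has_value_name(SAMPLE_HIVE))
    for dll in dll_references(SAMPLE_HIVE):
        print("DLL reference:", dll)
```
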
 
Pieter, I see that you are extremely busy fighting spyware, but do you also have time for my girlfriend's log?


Regards, and good luck :D

Oossie

Logfile of HijackThis v1.97.7
Scan saved at 12:32:34, on 28-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\webshots.scr
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\ImNotfy.exe
E:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Webshots.lnk = E:\Paint Shop Pro\Webshot\Webshots\Launcher.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Onderzoek (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37982.7190162037
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game11.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oosthof.net
 