Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Re: Re: Re: reactie
Alleeen degenen die ik gequote had graag. :8-0:
Pieter
Alleeen degenen die ik gequote had graag. :8-0:
Pieter
Helpmij tegen spyware offensief (deel 5)
- Onderwerp starter m@rio
- Startdatum
- Status
stevendemunter
Gebruiker
- Lid geworden
- 24 jul 2002
- Berichten
- 704
Logfile of HijackThis v1.97.7
Scan saved at 13:26:59, on 1/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\program files\180solutions\msbb.exe
C:\WINDOWS\System32\qqbbjud.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Lycos\IEagent\Loader.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\STC\ClrSchP070.exe
C:\Program Files\Common Files\Slmss\slmss.exe
C:\Program Files\Plextor\PlexIcon.exe
C:\WINDOWS\mwsvm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\SYSTEM32\CS4P028.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\De Munter Steven\Bureaublad\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=144440
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=144440
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://default-homepage-network.com/start.cgi?new-hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497 - (no file)
R3 - URLSearchHook: (no name) - _{965A592F-8EFA-4250-8630-7960230792F1} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
O2 - BHO: (no name) - {00000250-0320-4DD4-BE4F-7566D2314352} - C:\WINDOWS\VoiceIP.dll
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Program Files\SUPERBAR\SUPERBAR1.dll
O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\System32\SWin32.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem218.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\nl-be\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SuperBar - {EDB4B508-EE53-4592-A1E0-15EBEC44C2AB} - C:\Program Files\SUPERBAR\SUPERBAR1.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [msbb] c:\program files\180solutions\msbb.exe
O4 - HKLM\..\Run: [algprph] C:\WINDOWS\System32\qqbbjud.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [ozeh] C:\WINDOWS\ozeh.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [ciman32d] C:\WINDOWS\System32\ciman32d.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PlexTools Professional.lnk = C:\Program Files\Plextor\PlexTool.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: TimeSync.lnk = C:\Program Files\J River\Netbox3\NetBox.exe
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: Win32 Classes -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38126.2972800926
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Scan saved at 13:26:59, on 1/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\program files\180solutions\msbb.exe
C:\WINDOWS\System32\qqbbjud.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Lycos\IEagent\Loader.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\STC\ClrSchP070.exe
C:\Program Files\Common Files\Slmss\slmss.exe
C:\Program Files\Plextor\PlexIcon.exe
C:\WINDOWS\mwsvm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\SYSTEM32\CS4P028.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\De Munter Steven\Bureaublad\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=144440
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=144440
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://default-homepage-network.com/start.cgi?new-hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497 - (no file)
R3 - URLSearchHook: (no name) - _{965A592F-8EFA-4250-8630-7960230792F1} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll
O2 - BHO: (no name) - {00000250-0320-4DD4-BE4F-7566D2314352} - C:\WINDOWS\VoiceIP.dll
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Program Files\SUPERBAR\SUPERBAR1.dll
O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\System32\SWin32.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem218.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\nl-be\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SuperBar - {EDB4B508-EE53-4592-A1E0-15EBEC44C2AB} - C:\Program Files\SUPERBAR\SUPERBAR1.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [msbb] c:\program files\180solutions\msbb.exe
O4 - HKLM\..\Run: [algprph] C:\WINDOWS\System32\qqbbjud.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [ozeh] C:\WINDOWS\ozeh.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [ciman32d] C:\WINDOWS\System32\ciman32d.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PlexTools Professional.lnk = C:\Program Files\Plextor\PlexTool.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: TimeSync.lnk = C:\Program Files\J River\Netbox3\NetBox.exe
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: Win32 Classes -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38126.2972800926
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
robert de boer
Gebruiker
- Lid geworden
- 20 mei 2004
- Berichten
- 11
Heel erg bedankt, Hans!!! Ik ben heel blij mee.
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Hoi stevendemunter,
Verplaats hijackthis.exe eerst naar een aparte map. Het programma maakt backups in de map waar de .exe zich bevindt. Dit is nu je bureaublad.
Vink de bovenstaande aan in HijackThis, sluit alle vensters behalve HijackThis en klik op Fix checked.
Download en run: CWShredder
Gebruik de Fix knop en volg de aanwijzingen van het programma op.
Start dan opnieuw op in veilige modus en verwijder:
c:\installer\id53.exe
C:\WINDOWS\System32\automove.exe
C:\WINDOWS\mwsvm.exe
De rest herkent AdAware wel,. dus scan daar ook nog even mee.
Groetjes,
Pieter
instructies voor 2000 en xp
Hoi Hans,
Hoi Gjwiggers,
Vink bovenstaande aan, sluit alle vensters behalve HijackThis, en klik op Fix Checked.
Run hierna CWShredder door de "Fix" knop te gebruiken.
Reboot je PC hierna in veilige modus en verwijder:
C:\PROGRAM FILES\MYWEBSEARCH << deze map
Reboot weer in veilige modus en volg de instructies op die hier staan:
http://www.helpmij.nl/forum/showthr...threadid=168347
Ik heb alles gedaan, maar de onderstaande link is voor windows 2000 en xp. Ik heb '98 klopt deze opmerking?
Groetjes Ruud
Hoi Hans,
Hoi Gjwiggers,
Vink bovenstaande aan, sluit alle vensters behalve HijackThis, en klik op Fix Checked.
Run hierna CWShredder door de "Fix" knop te gebruiken.
Reboot je PC hierna in veilige modus en verwijder:
C:\PROGRAM FILES\MYWEBSEARCH << deze map
Reboot weer in veilige modus en volg de instructies op die hier staan:
http://www.helpmij.nl/forum/showthr...threadid=168347
Ik heb alles gedaan, maar de onderstaande link is voor windows 2000 en xp. Ik heb '98 klopt deze opmerking?
Groetjes Ruud
pc loopt weer opnieuw vast
Na 2 dagen een log geplaatst te hebben en jullie advies gevolgd met verwijderen, dacht ik eindelijk van mijn problemen verlost te zijn.
Maar niets is minder waar, na 5 minten op internet slaat pc weer vast. Krijg steeds weer bericht bericht dat( u wilt het programma dat niet meer reageert (iexplore.exe) beeindigen.
Wie o wie kan mij helpen??
Bij b.v.d. Markus
Ps heb zowel ad-aware als spybot gebruikt
Logfile of HijackThis v1.98.0
Scan saved at 14:34:07, on 1-7-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\EQPEAK~1\Mapi wipe admin.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\mhoyyj.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Preventon\Personal Firewall\PFwall.exe
C:\WINDOWS\DitExp.exe
C:\DOCUME~1\JANDEV~1\LOCALS~1\Temp\~ef7194.tmp
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\logonvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\IP Insight\ARMon32a.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\NDrv.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Documents and Settings\jan de vries\Local Settings\Temp\Tijdelijke map 3 voor hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchweb2.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll
O2 - BHO: SEND BROWSE - {227E4B96-28EA-0497-05D9-C7EA2A1C22AD} - C:\PROGRA~1\SAFEEN~1\BALL TYPE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Idle Cdrom - {CCD9A6A5-17C4-035B-232D-C01F2C386810} - C:\PROGRA~1\SAFEEN~1\BALL TYPE.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [vgasoftware] C:\PROGRA~1\EQPEAK~1\Mapi wipe admin.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [pwlet] C:\WINDOWS\pwlet.exe
O4 - HKLM\..\Run: [zdbeamgncrvvk] C:\WINDOWS\System32\mhoyyj.exe
O4 - HKLM\..\Run: [riz] C:\WINDOWS\riz.exe
O4 - HKLM\..\Run: [jujej] C:\WINDOWS\jujej.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Preventon Personal Firewall.lnk = C:\Program Files\Preventon\Personal Firewall\PFwall.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlaccell.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\windows: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{00FEA863-FD70-44F6-9DED-899D6448C46E}: NameServer = 195.121.1.34 195.121.1.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{414C4234-511A-4B8F-8562-C602A2CD28E7}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{58DD2F78-1C91-4847-8888-17FBA3A9B314}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{757EF1A5-5B1A-49BF-8F6D-39A9CE735E3F}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFA5967E-40B5-475D-95F2-C27ACEDFD96C}: NameServer = 216.127.92.38
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 216.127.92.38
O17 - HKLM\System\CS1\Services\Tcpip\..\windows: NameServer = 216.127.92.38
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 216.127.92.38
O17 - HKLM\System\CS2\Services\Tcpip\..\windows: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38
Na 2 dagen een log geplaatst te hebben en jullie advies gevolgd met verwijderen, dacht ik eindelijk van mijn problemen verlost te zijn.
Maar niets is minder waar, na 5 minten op internet slaat pc weer vast. Krijg steeds weer bericht bericht dat( u wilt het programma dat niet meer reageert (iexplore.exe) beeindigen.
Wie o wie kan mij helpen??
Bij b.v.d. Markus
Ps heb zowel ad-aware als spybot gebruikt
Logfile of HijackThis v1.98.0
Scan saved at 14:34:07, on 1-7-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\EQPEAK~1\Mapi wipe admin.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\mhoyyj.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Preventon\Personal Firewall\PFwall.exe
C:\WINDOWS\DitExp.exe
C:\DOCUME~1\JANDEV~1\LOCALS~1\Temp\~ef7194.tmp
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\logonvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\IP Insight\ARMon32a.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\NDrv.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Documents and Settings\jan de vries\Local Settings\Temp\Tijdelijke map 3 voor hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchweb2.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll
O2 - BHO: SEND BROWSE - {227E4B96-28EA-0497-05D9-C7EA2A1C22AD} - C:\PROGRA~1\SAFEEN~1\BALL TYPE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Idle Cdrom - {CCD9A6A5-17C4-035B-232D-C01F2C386810} - C:\PROGRA~1\SAFEEN~1\BALL TYPE.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [vgasoftware] C:\PROGRA~1\EQPEAK~1\Mapi wipe admin.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [pwlet] C:\WINDOWS\pwlet.exe
O4 - HKLM\..\Run: [zdbeamgncrvvk] C:\WINDOWS\System32\mhoyyj.exe
O4 - HKLM\..\Run: [riz] C:\WINDOWS\riz.exe
O4 - HKLM\..\Run: [jujej] C:\WINDOWS\jujej.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Preventon Personal Firewall.lnk = C:\Program Files\Preventon\Personal Firewall\PFwall.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlaccell.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\windows: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{00FEA863-FD70-44F6-9DED-899D6448C46E}: NameServer = 195.121.1.34 195.121.1.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{414C4234-511A-4B8F-8562-C602A2CD28E7}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{58DD2F78-1C91-4847-8888-17FBA3A9B314}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{757EF1A5-5B1A-49BF-8F6D-39A9CE735E3F}: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFA5967E-40B5-475D-95F2-C27ACEDFD96C}: NameServer = 216.127.92.38
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 216.127.92.38
O17 - HKLM\System\CS1\Services\Tcpip\..\windows: NameServer = 216.127.92.38
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 216.127.92.38
O17 - HKLM\System\CS2\Services\Tcpip\..\windows: NameServer = 216.127.92.38
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38
Hoi Hans
Ja volgens mij heb ik de instructies nauwkeurig opgevolgd en datgene aangevinkt en verwijderd wat ik moest verwijderen.
Die avond deed de pc het perfect, maar de volgende dag echter weer zelfde problemen als daarvoor.
Met vr.gr
Markus
Ja volgens mij heb ik de instructies nauwkeurig opgevolgd en datgene aangevinkt en verwijderd wat ik moest verwijderen.
Die avond deed de pc het perfect, maar de volgende dag echter weer zelfde problemen als daarvoor.
Met vr.gr
Markus
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Re: pc loopt weer opnieuw vast
Hoi Markus D,
Unzip hijackthis.exe eerst naar een aparte map. Het programma maakt backups in de map waar de .exe zich bevindt. In een Temp map verdwijnen die nogal gemakkelijk.
Vink de bovenstaande aan in HijackThis, sluit alle vensters behalve HijackThis en klik op Fix checked.
Start dan opnieuw op in veilige modus en verwijder:
C:\PROGRAM FILES\EQPEAK~1 <= de hele map met het bestand Mapi wipe admin.exe er in
Groetjes,
Pieter
Hoi Markus D,
Unzip hijackthis.exe eerst naar een aparte map. Het programma maakt backups in de map waar de .exe zich bevindt. In een Temp map verdwijnen die nogal gemakkelijk.
Vink de bovenstaande aan in HijackThis, sluit alle vensters behalve HijackThis en klik op Fix checked.
Start dan opnieuw op in veilige modus en verwijder:
C:\PROGRAM FILES\EQPEAK~1 <= de hele map met het bestand Mapi wipe admin.exe er in
Groetjes,
Pieter
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Post even een nieuw log. Als er teveel verdwenen is moeten we dat kunnen vinden en repareren.
Groetjes,
Pieter
komtie Pieter!
Logfile of HijackThis v1.98.0
Scan saved at 15:11:16, on 1-7-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\winku.exe
C:\WINDOWS\system32\atlbx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Willem\Bureaublad\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cdfug.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://cdfug.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://cdfug.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cdfug.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cdfug.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://cdfug.dll/index.html#96676
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,
O2 - BHO: (no name) - {0B2597DB-F5D8-5A0A-BA74-4E42716BE178} - C:\WINDOWS\system32\atlbx.dll
O4 - HKLM\..\Run: [ntcv.exe] C:\WINDOWS\system32\ntcv.exe
O4 - HKLM\..\Run: [atlbx.exe] C:\WINDOWS\system32\atlbx.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Je hebt dus wel alles aangevinkt en laten fixen.
Heb je een herstelpunt van voor dit "ongelukje" ?
Groetjes,
Pieter
Hoi Peter, bedankt voor je advies, heb alles afgevinkt en verwijderd, alleen verwijderen map in veilige modus is me nog niet gelukt.
Zal wel dom van me zijn, maar kun je me uitleggen hoe ik dit kan doen (ben wel in veilige modus gekomen).
B.v.d Markus
Zal wel dom van me zijn, maar kun je me uitleggen hoe ik dit kan doen (ben wel in veilige modus gekomen).
B.v.d Markus
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
In jouw geval het gemakkelijkste:
Start > Zoeken > BNestanden en mappen > Mapi wipe admin.exe > OK
Zodra het bestand gevonden is selecteer je het in het zoekvenster en dan staat er rechtsboven gevonden in map: C:\Program Files\EQPEAK.....
Het laatste gedeelte van de naam weet ik helaas nier, maar dat is een link en als je er op klikt ga je naar die map toe.
Rechtsklik er dan op en kies Verwijderen.
Groetjes,
Pieter
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
Ga dan terug naar dat herstelpunt en post een nieuw HijackThis log.
Groetjes,
Pieter
Pieter Arntz
Spywareslayer
- Lid geworden
- 12 aug 2001
- Berichten
- 15.621
In veilige modus kan die map niet in gebruik zijn. ben je wel als Administrator of met Administrator rechten ingelogd?
Groetjes,
Pieter
- Status
