Helpmij anti-spyware offensive (part 6)

  • Thread starter: m@rio
Status: Not open for further replies.
Posted by kija
I have now done everything. In safe mode I deleted the folders you indicated. I restarted in normal mode, and what should I do now? Do I have to download Hijack again or something to make a new txt file? Help!

Regards, Kija

If all went well, your PC is now clean. You may still make a new HijackThis log (one of those txt files) and post it here, then we will check once more whether everything is gone. You don't need to download HijackThis again for that, because it should still be on your PC (in C:\Program Files). :)

Regards,

Buffy
 
hello hans..
here is my new log....it has meanwhile been going on for a week already....it is my godchild's PC..so not at my home...hence.
scanned with spybot ... still finds DSOexploit ?
with adaware another 3 new ones...including.. about blank ?
And yes, could you also point out my unnecessary startup items.
THANKS IN ADVANCE 1000x

Logfile of HijackThis v1.98.0
Scan saved at 17:35:37, on 10/07/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\explorer.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Documents and Settings\Mark Cloosterin\Start Menu\Programs\Startup\netdb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.pandora.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.pandora.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [xload32] C:\WINNT\system32\netdd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Socket Utility] C:\WINNT\system32\svchostz.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\RunServices: [Socket Utility] C:\WINNT\system32\svchostz.exe
O4 - Startup: netdb.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
 
Hi Kija,

I see in your log that you currently have HijackThis here:

C:\Program Files\HijackThis.exe

I would change that to:

C:\Program Files\HijackThis\HijackThis.exe :)

So: create a new folder in Program Files, name it HijackThis, then click the HijackThis.exe file, hold the mouse button down and drag it to that folder. That way backups are made in that folder.

You don't need to download HijackThis again; you can simply go to your newly created HijackThis folder and double-click HijackThis.exe there.

Then HijackThis starts up again, you can press Scan again, Save Log, and post the log here again :)


And buffy beat me to it again :( :D
 
Posted by cloosterin

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\Run: [xload32] C:\WINNT\system32\netdd.exe
O4 - HKCU\..\RunServices: [Socket Utility] C:\WINNT\system32\svchostz.exe
O4 - Startup: netdb.exe

Not quite clean yet, as you can see.

The first two are cosmetic flaws, but the last ones relate to viruses :(

1) Check the entries above in HijackThis, close all windows except HijackThis and click Fix Checked.

2) Restart, and run TrendMicro Online Virusscan and BitDefender

3) Restart once more, and post a new log again :)
 
Posted by buffy


If all went well, your PC is now clean. You may still make a new HijackThis log (one of those txt files) and post it here, then we will check once more whether everything is gone. You don't need to download HijackThis again for that, because it should still be on your PC (in C:\Program Files). :)

Regards,

Buffy

Hi Buffy,

I'm posting a txt file again for checking, okay?

Logfile of HijackThis v1.98.0
Scan saved at 17:47:42, on 10-07-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
c:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/First2Enter/Portal/portal.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\SYSTEM32\IEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CreateCD] C:\DOCUME~1\Ron\MIJNDO~1\MIJNMU~1\POKEMO~1.EXE -r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\run_21.exe
O4 - HKCU\..\Run: [Internet Washer Pro] C:\Program Files\Internet Washer Pro\iw.exe min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://i.rn11.com/iwasher/pptproactauthmirror/internetwasherpro.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

At a quick glance it looks like everything is still in there. I'll hear from you....
regards
 
dnetc.exe??

Hi hi dear helpmij.

I downloaded something again that I regret, and now Norton keeps asking about dnetc.exe, whether I should block it or not. So I do block it ;-)

Can I simply delete that line in HijackThis?

I have run adaware.
Oh yes, if there are other things in there that don't belong??? Then I'd like to know that too.
Thanks in advance
Christine



Logfile of HijackThis v1.97.7
Scan saved at 18:03:35, on 10-7-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\dnetc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Christine\Mijn documenten\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mypip.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AutoUpdate] C:\WINDOWS\System32\dnetc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O8 - Extra context menu item: &Dictionary - http://www.ezreference.com/_/ie-com-p3.htm
O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-p3.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
O16 - DPF: {5B27C20D-FFB6-4054-BA78-DE4A059BC75A} (Microsoft Office Template Downloader) - http://office.microsoft.com/dutch/TemplateGallery/msotd.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.planet.nl/exent/classes/ExentCtl.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37664.0440393519
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
 
Posted by kija

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/First2Enter/Portal/portal.html

O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\run_21.exe

Most of it is already gone :)

1) Check the entries above in HijackThis, close all windows except HijackThis and click Fix Checked

2) Restart in safe mode, and delete:
C:\Program Files\First2Enter << the whole folder!
C:\Windows\System32\run_21.exe << this file!

3) Now restart in normal mode, and post a new log once more :)
 
Re: dnetc.exe??

Posted by Chris10e

O4 - HKLM\..\Run: [AutoUpdate] C:\WINDOWS\System32\dnetc.exe

Hi Chris,

your log is clean apart from one virus :D

You have the Bymer virus

1) Check the entry above in HijackThis, close all windows except HijackThis and click Fix Checked

2) Restart, and run a TrendMicro Online Virusscan.

3) Now restart again, and post a new log :)
 
Posted by H@NsiePanzzzer


Most of it is already gone :)

1) Check the entries above in HijackThis, close all windows except HijackThis and click Fix Checked

2) Restart in safe mode, and delete:
C:\Program Files\First2Enter << the whole folder!
C:\Windows\System32\run_21.exe << this file!

3) Now restart in normal mode, and post a new log once more :)


Logfile of HijackThis v1.98.0
Scan saved at 18:32:04, on 10-07-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



Another new log. I'm curious whether it is gone. I couldn't even find the files in safe mode. So I haven't deleted anything now.
big bye
kija

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
c:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\SYSTEM32\IEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CreateCD] C:\DOCUME~1\Ron\MIJNDO~1\MIJNMU~1\POKEMO~1.EXE -r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [Internet Washer Pro] C:\Program Files\Internet Washer Pro\iw.exe min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://i.rn11.com/iwasher/pptproactauthmirror/internetwasherpro.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
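
Added example, not part of the original thread or any poster's code: a Python sketch of the check the helpers do by eye, comparing a follow-up HijackThis log against the entries that were flagged for fixing, and listing entries that are new in the follow-up. The function names are hypothetical, and the sample logs are abridged excerpts of kija's two logs above.

```python
import re

# A HijackThis entry line is "<section code> - <detail>",
# e.g. "O4 - HKLM\..\Run: [name] path". Header and process lines do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def normalize(detail):
    """Collapse whitespace and case so the same registry value compares equal."""
    return " ".join(detail.split()).casefold()


def parse_entries(log_text):
    """Map (section, normalized detail) -> original line for every entry line."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[(m.group(1), normalize(m.group(2)))] = line
    return entries


def check_followup(flagged_text, before_log, after_log):
    """Return (status per flagged line, entries that are new in the follow-up log)."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    status = {}
    for key, line in parse_entries(flagged_text).items():
        if key in after:
            status[line] = "still present"
        elif key in before:
            status[line] = "removed"
        else:
            status[line] = "not in either log"
    # Entries that appear only in the follow-up deserve a second look:
    # a fixed item that comes back under a new name shows up here.
    new_entries = sorted(after[k] for k in after.keys() - before.keys())
    return status, new_entries


# Abridged excerpt of kija's log saved at 17:47:42 (from this thread).
BEFORE = r"""Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/First2Enter/Portal/portal.html
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\run_21.exe
O4 - HKCU\..\Run: [Internet Washer Pro] C:\Program Files\Internet Washer Pro\iw.exe min
"""

# Abridged excerpt of kija's log saved at 18:32:04 (from this thread).
AFTER = r"""Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [Internet Washer Pro] C:\Program Files\Internet Washer Pro\iw.exe min
"""

# The two lines the helper asked kija to fix.
FLAGGED = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/First2Enter/Portal/portal.html
O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\run_21.exe
"""

if __name__ == "__main__":
    status, new_entries = check_followup(FLAGGED, BEFORE, AFTER)
    for line, state in status.items():
        print(f"{state:>17}: {line}")
    print("new in follow-up:", new_entries or "none")
```

A "removed" result only says the registry entry is gone from the log; the files the helper listed for deletion still have to be checked on disk.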
 
Re: Re: dnetc.exe??

Posted by H@NsiePanzzzer


Hi Chris,

your log is clean apart from one virus :D

You have the Bymer virus

1) Check the entry above in HijackThis, close all windows except HijackThis and click Fix Checked

2) Restart, and run a TrendMicro Online Virusscan.

3) Now restart again, and post a new log :)


Oh OOPS, what a bummer. Ridiculous. I had even deliberately scanned the file in question with Norton. :(

Oh well, I went to that TrendMicro and am having only my C drive scanned. I assume that's fine?
By the way: so that may take a while yet.

Panda Active scan? Does that remove the virus too?

Thanks again in advance.

Chris
 
I'M GOING CRAZY

Dear people,
I am currently at acquaintances' and it seems as if their computer has all the junk that exists.

Could someone look at my log to see what can go.

THE LOG:
Logfile of HijackThis v1.98.0
Scan saved at 18:56:47, on 10-7-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\etc\tmp\drvmgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\windows\system32\config\tmp\r_server.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\javasz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\msqm.exe
C:\WINDOWS\System32\mcc.exe
C:\WINDOWS\System32\IEHost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\run_21.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\Ifi1OLf7.exe
C:\WINDOWS\System32\Tdn8ab.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\amokq.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://amokq.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://amokq.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\amokq.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\amokq.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://amokq.dll/index.html#96676
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AD33F830-44B7-EC66-5B7A-6B8E94D32434} - C:\WINDOWS\appji.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [msqm.exe] C:\WINDOWS\system32\msqm.exe
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [4YH7PG93GT8EM2] C:\WINDOWS\System32\EkrKZ.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\run_21.exe
O4 - HKLM\..\RunOnce: [winsh.exe] C:\WINDOWS\winsh.exe
O4 - HKLM\..\RunOnce: [d3jd32.exe] C:\WINDOWS\system32\d3jd32.exe
O4 - HKLM\..\RunOnce: [ntro.exe] C:\WINDOWS\ntro.exe
O4 - HKLM\..\RunOnce: [ieym.exe] C:\WINDOWS\system32\ieym.exe
O4 - HKLM\..\RunOnce: [d3wg.exe] C:\WINDOWS\system32\d3wg.exe
O4 - HKLM\..\RunOnce: [addge.exe] C:\WINDOWS\system32\addge.exe
O4 - HKLM\..\RunOnce: [ntxc.exe] C:\WINDOWS\ntxc.exe
O4 - HKLM\..\RunOnce: [ipex32.exe] C:\WINDOWS\system32\ipex32.exe
O4 - HKLM\..\RunOnce: [javasz.exe] C:\WINDOWS\javasz.exe
O4 - HKLM\..\RunOnce: [ieti32.exe] C:\WINDOWS\system32\ieti32.exe
O4 - HKLM\..\RunOnce: [mfcxy.exe] C:\WINDOWS\system32\mfcxy.exe
O4 - HKLM\..\RunOnce: [netyo.exe] C:\WINDOWS\system32\netyo.exe
O4 - HKLM\..\RunOnce: [javaub.exe] C:\WINDOWS\system32\javaub.exe
O4 - HKLM\..\RunOnce: [iewu.exe] C:\WINDOWS\system32\iewu.exe
O4 - HKLM\..\RunOnce: [addiq32.exe] C:\WINDOWS\addiq32.exe
O4 - HKLM\..\RunOnce: [javaru32.exe] C:\WINDOWS\system32\javaru32.exe
O4 - HKLM\..\RunOnce: [netws32.exe] C:\WINDOWS\system32\netws32.exe
O4 - HKLM\..\RunOnce: [ipif.exe] C:\WINDOWS\system32\ipif.exe
O4 - HKLM\..\RunOnce: [wintw.exe] C:\WINDOWS\system32\wintw.exe
O4 - HKLM\..\RunOnce: [atlaw.exe] C:\WINDOWS\atlaw.exe
O4 - HKLM\..\RunOnce: [ipje.exe] C:\WINDOWS\system32\ipje.exe
O4 - HKLM\..\RunOnce: [iexd32.exe] C:\WINDOWS\system32\iexd32.exe
O4 - HKLM\..\RunOnce: [winlx.exe] C:\WINDOWS\system32\winlx.exe
O4 - HKLM\..\RunOnce: [javafm32.exe] C:\WINDOWS\javafm32.exe
O4 - HKLM\..\RunOnce: [mski.exe] C:\WINDOWS\system32\mski.exe
O4 - HKLM\..\RunOnce: [sdkld.exe] C:\WINDOWS\system32\sdkld.exe
O4 - HKLM\..\RunOnce: [atlqt32.exe] C:\WINDOWS\atlqt32.exe
O4 - HKLM\..\RunOnce: [ntef.exe] C:\WINDOWS\system32\ntef.exe
O4 - HKLM\..\RunOnce: [sysst.exe] C:\WINDOWS\system32\sysst.exe
O4 - HKLM\..\RunOnce: [mfcxv.exe] C:\WINDOWS\system32\mfcxv.exe
O4 - HKLM\..\RunOnce: [ieye32.exe] C:\WINDOWS\ieye32.exe
O4 - HKLM\..\RunOnce: [apiqm.exe] C:\WINDOWS\apiqm.exe
O4 - HKLM\..\RunOnce: [sysim32.exe] C:\WINDOWS\sysim32.exe
O4 - HKLM\..\RunOnce: [msvq.exe] C:\WINDOWS\msvq.exe
O4 - HKLM\..\RunOnce: [ntbg32.exe] C:\WINDOWS\system32\ntbg32.exe
O4 - HKLM\..\RunOnce: [javavp32.exe] C:\WINDOWS\system32\javavp32.exe
O4 - HKLM\..\RunOnce: [sdkre32.exe] C:\WINDOWS\sdkre32.exe
O4 - HKLM\..\RunOnce: [syspk32.exe] C:\WINDOWS\system32\syspk32.exe
O4 - HKLM\..\RunOnce: [appfr.exe] C:\WINDOWS\system32\appfr.exe
O4 - HKLM\..\RunOnce: [winwr32.exe] C:\WINDOWS\winwr32.exe
O4 - HKLM\..\RunOnce: [wingi.exe] C:\WINDOWS\wingi.exe
O4 - HKLM\..\RunOnce: [javabx.exe] C:\WINDOWS\system32\javabx.exe
O4 - HKLM\..\RunOnce: [msnt32.exe] C:\WINDOWS\system32\msnt32.exe
O4 - HKLM\..\RunOnce: [apiox32.exe] C:\WINDOWS\apiox32.exe
O4 - HKLM\..\RunOnce: [sdkmt32.exe] C:\WINDOWS\sdkmt32.exe
O4 - HKLM\..\RunOnce: [ieug32.exe] C:\WINDOWS\ieug32.exe
O4 - HKLM\..\RunOnce: [ntbm32.exe] C:\WINDOWS\system32\ntbm32.exe
O4 - HKLM\..\RunOnce: [apikh32.exe] C:\WINDOWS\system32\apikh32.exe
O4 - HKLM\..\RunOnce: [javako32.exe] C:\WINDOWS\system32\javako32.exe
O4 - HKLM\..\RunOnce: [atllu32.exe] C:\WINDOWS\atllu32.exe
O4 - HKLM\..\RunOnce: [ipcv.exe] C:\WINDOWS\system32\ipcv.exe
O4 - HKLM\..\RunOnce: [msbm32.exe] C:\WINDOWS\msbm32.exe
O4 - HKLM\..\RunOnce: [apiwa.exe] C:\WINDOWS\system32\apiwa.exe
O4 - HKLM\..\RunOnce: [d3kp32.exe] C:\WINDOWS\system32\d3kp32.exe
O4 - HKLM\..\RunOnce: [apikx32.exe] C:\WINDOWS\system32\apikx32.exe
O4 - HKLM\..\RunOnce: [ipdo32.exe] C:\WINDOWS\ipdo32.exe
O4 - HKLM\..\RunOnce: [atlep.exe] C:\WINDOWS\atlep.exe
O4 - HKLM\..\RunOnce: [syses.exe] C:\WINDOWS\syses.exe
O4 - HKLM\..\RunOnce: [msgm32.exe] C:\WINDOWS\system32\msgm32.exe
O4 - HKLM\..\RunOnce: [ieic.exe] C:\WINDOWS\system32\ieic.exe
O4 - HKLM\..\RunOnce: [ipls32.exe] C:\WINDOWS\system32\ipls32.exe
O4 - HKLM\..\RunOnce: [d3kq32.exe] C:\WINDOWS\system32\d3kq32.exe
O4 - HKLM\..\RunOnce: [atlsa32.exe] C:\WINDOWS\atlsa32.exe
O4 - HKLM\..\RunOnce: [d3zt32.exe] C:\WINDOWS\system32\d3zt32.exe
O4 - HKLM\..\RunOnce: [msdg.exe] C:\WINDOWS\system32\msdg.exe
O4 - HKLM\..\RunOnce: [netsx32.exe] C:\WINDOWS\system32\netsx32.exe
O4 - HKLM\..\RunOnce: [sdkdk.exe] C:\WINDOWS\system32\sdkdk.exe
O4 - HKLM\..\RunOnce: [iejv.exe] C:\WINDOWS\iejv.exe
O4 - HKLM\..\RunOnce: [apiau32.exe] C:\WINDOWS\system32\apiau32.exe
O4 - HKLM\..\RunOnce: [sdkjh32.exe] C:\WINDOWS\system32\sdkjh32.exe
O4 - HKLM\..\RunOnce: [atllc.exe] C:\WINDOWS\atllc.exe
O4 - HKLM\..\RunOnce: [ntqe.exe] C:\WINDOWS\system32\ntqe.exe
O4 - HKLM\..\RunOnce: [sdkwb32.exe] C:\WINDOWS\system32\sdkwb32.exe
O4 - HKLM\..\RunOnce: [msbc.exe] C:\WINDOWS\msbc.exe
O4 - HKLM\..\RunOnce: [sdkbt.exe] C:\WINDOWS\sdkbt.exe
O4 - HKLM\..\RunOnce: [ipvt.exe] C:\WINDOWS\ipvt.exe
O4 - HKLM\..\RunOnce: [d3oq32.exe] C:\WINDOWS\system32\d3oq32.exe
O4 - HKLM\..\RunOnce: [mfciz.exe] C:\WINDOWS\system32\mfciz.exe
O4 - HKLM\..\RunOnce: [appeb.exe] C:\WINDOWS\appeb.exe
O4 - HKLM\..\RunOnce: [crzx32.exe] C:\WINDOWS\crzx32.exe
O4 - HKLM\..\RunOnce: [mfcmm32.exe] C:\WINDOWS\system32\mfcmm32.exe
O4 - HKLM\..\RunOnce: [ntde.exe] C:\WINDOWS\system32\ntde.exe
O4 - HKLM\..\RunOnce: [sysge.exe] C:\WINDOWS\system32\sysge.exe
O4 - HKLM\..\RunOnce: [winuy.exe] C:\WINDOWS\winuy.exe
O4 - HKLM\..\RunOnce: [addzd.exe] C:\WINDOWS\addzd.exe
O4 - HKLM\..\RunOnce: [apisu.exe] C:\WINDOWS\system32\apisu.exe
O4 - HKLM\..\RunOnce: [addzx.exe] C:\WINDOWS\addzx.exe
O4 - HKLM\..\RunOnce: [iecc32.exe] C:\WINDOWS\system32\iecc32.exe
O4 - HKLM\..\RunOnce: [apivb32.exe] C:\WINDOWS\system32\apivb32.exe
O4 - HKLM\..\RunOnce: [mfcdw32.exe] C:\WINDOWS\system32\mfcdw32.exe
O4 - HKLM\..\RunOnce: [apisr.exe] C:\WINDOWS\system32\apisr.exe
O4 - HKLM\..\RunOnce: [atlhh.exe] C:\WINDOWS\system32\atlhh.exe
O4 - HKLM\..\RunOnce: [mslz32.exe] C:\WINDOWS\system32\mslz32.exe
O4 - HKLM\..\RunOnce: [mslk.exe] C:\WINDOWS\mslk.exe
O4 - HKLM\..\RunOnce: [mfcmq.exe] C:\WINDOWS\system32\mfcmq.exe
O4 - HKLM\..\RunOnce: [appbf.exe] C:\WINDOWS\appbf.exe
O4 - HKLM\..\RunOnce: [winat32.exe] C:\WINDOWS\winat32.exe
O4 - HKLM\..\RunOnce: [nthn.exe] C:\WINDOWS\nthn.exe
O4 - HKLM\..\RunOnce: [javafp.exe] C:\WINDOWS\system32\javafp.exe
O4 - HKLM\..\RunOnce: [mfcii.exe] C:\WINDOWS\mfcii.exe
O4 - HKLM\..\RunOnce: [ntsk.exe] C:\WINDOWS\system32\ntsk.exe
O4 - HKLM\..\RunOnce: [atlum32.exe] C:\WINDOWS\atlum32.exe
O4 - HKLM\..\RunOnce: [msxx.exe] C:\WINDOWS\msxx.exe
O4 - HKLM\..\RunOnce: [apppt.exe] C:\WINDOWS\apppt.exe
O4 - HKLM\..\RunOnce: [cruu32.exe] C:\WINDOWS\cruu32.exe
O4 - HKLM\..\RunOnce: [ieyg.exe] C:\WINDOWS\ieyg.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O13 - DefaultPrefix: http://nkvd.us/1525/
O13 - WWW Prefix: http://nkvd.us/1525/
O13 - Home Prefix: http://nkvd.us/1525/
O13 - Mosaic Prefix: http://nkvd.us/1525/
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

Thanks in advance, because I don't understand a **** of it anymore!!!

Jeroen
 
Re: Re: Re: dnetc.exe??

Posted by Chris10e



Oh OOPS, what a bummer. Ridiculous. I had even deliberately scanned the file in question with Norton. :(

Well, I went to that TrendMicro site and am having only my C drive scanned. I assume that's fine?
By the way: so that could take a while.

Panda Active scan? Does that remove the virus too?

Thanks again in advance.

Chris

Since the virus was discovered in autumn 2000, it will surely be detected by the good virus scanners :)
 
Re: I'M GOING CRAZY

Posted by *Baia*

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\amokq.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://amokq.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://amokq.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\amokq.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\amokq.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://amokq.dll/index.html#96676

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {AD33F830-44B7-EC66-5B7A-6B8E94D32434} - C:\WINDOWS\appji.dll

O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [msqm.exe] C:\WINDOWS\system32\msqm.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [4YH7PG93GT8EM2] C:\WINDOWS\System32\EkrKZ.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\run_21.exe
O4 - HKLM\..\RunOnce: [winsh.exe] C:\WINDOWS\winsh.exe
O4 - HKLM\..\RunOnce: [d3jd32.exe] C:\WINDOWS\system32\d3jd32.exe
O4 - HKLM\..\RunOnce: [ntro.exe] C:\WINDOWS\ntro.exe
O4 - HKLM\..\RunOnce: [ieym.exe] C:\WINDOWS\system32\ieym.exe
O4 - HKLM\..\RunOnce: [d3wg.exe] C:\WINDOWS\system32\d3wg.exe
O4 - HKLM\..\RunOnce: [addge.exe] C:\WINDOWS\system32\addge.exe
O4 - HKLM\..\RunOnce: [ntxc.exe] C:\WINDOWS\ntxc.exe
O4 - HKLM\..\RunOnce: [ipex32.exe] C:\WINDOWS\system32\ipex32.exe
O4 - HKLM\..\RunOnce: [javasz.exe] C:\WINDOWS\javasz.exe
O4 - HKLM\..\RunOnce: [ieti32.exe] C:\WINDOWS\system32\ieti32.exe
O4 - HKLM\..\RunOnce: [mfcxy.exe] C:\WINDOWS\system32\mfcxy.exe
O4 - HKLM\..\RunOnce: [netyo.exe] C:\WINDOWS\system32\netyo.exe
O4 - HKLM\..\RunOnce: [javaub.exe] C:\WINDOWS\system32\javaub.exe
O4 - HKLM\..\RunOnce: [iewu.exe] C:\WINDOWS\system32\iewu.exe
O4 - HKLM\..\RunOnce: [addiq32.exe] C:\WINDOWS\addiq32.exe
O4 - HKLM\..\RunOnce: [javaru32.exe] C:\WINDOWS\system32\javaru32.exe
O4 - HKLM\..\RunOnce: [netws32.exe] C:\WINDOWS\system32\netws32.exe
O4 - HKLM\..\RunOnce: [ipif.exe] C:\WINDOWS\system32\ipif.exe
O4 - HKLM\..\RunOnce: [wintw.exe] C:\WINDOWS\system32\wintw.exe
O4 - HKLM\..\RunOnce: [atlaw.exe] C:\WINDOWS\atlaw.exe
O4 - HKLM\..\RunOnce: [ipje.exe] C:\WINDOWS\system32\ipje.exe
O4 - HKLM\..\RunOnce: [iexd32.exe] C:\WINDOWS\system32\iexd32.exe
O4 - HKLM\..\RunOnce: [winlx.exe] C:\WINDOWS\system32\winlx.exe
O4 - HKLM\..\RunOnce: [javafm32.exe] C:\WINDOWS\javafm32.exe
O4 - HKLM\..\RunOnce: [mski.exe] C:\WINDOWS\system32\mski.exe
O4 - HKLM\..\RunOnce: [sdkld.exe] C:\WINDOWS\system32\sdkld.exe
O4 - HKLM\..\RunOnce: [atlqt32.exe] C:\WINDOWS\atlqt32.exe
O4 - HKLM\..\RunOnce: [ntef.exe] C:\WINDOWS\system32\ntef.exe
O4 - HKLM\..\RunOnce: [sysst.exe] C:\WINDOWS\system32\sysst.exe
O4 - HKLM\..\RunOnce: [mfcxv.exe] C:\WINDOWS\system32\mfcxv.exe
O4 - HKLM\..\RunOnce: [ieye32.exe] C:\WINDOWS\ieye32.exe
O4 - HKLM\..\RunOnce: [apiqm.exe] C:\WINDOWS\apiqm.exe
O4 - HKLM\..\RunOnce: [sysim32.exe] C:\WINDOWS\sysim32.exe
O4 - HKLM\..\RunOnce: [msvq.exe] C:\WINDOWS\msvq.exe
O4 - HKLM\..\RunOnce: [ntbg32.exe] C:\WINDOWS\system32\ntbg32.exe
O4 - HKLM\..\RunOnce: [javavp32.exe] C:\WINDOWS\system32\javavp32.exe
O4 - HKLM\..\RunOnce: [sdkre32.exe] C:\WINDOWS\sdkre32.exe
O4 - HKLM\..\RunOnce: [syspk32.exe] C:\WINDOWS\system32\syspk32.exe
O4 - HKLM\..\RunOnce: [appfr.exe] C:\WINDOWS\system32\appfr.exe
O4 - HKLM\..\RunOnce: [winwr32.exe] C:\WINDOWS\winwr32.exe
O4 - HKLM\..\RunOnce: [wingi.exe] C:\WINDOWS\wingi.exe
O4 - HKLM\..\RunOnce: [javabx.exe] C:\WINDOWS\system32\javabx.exe
O4 - HKLM\..\RunOnce: [msnt32.exe] C:\WINDOWS\system32\msnt32.exe
O4 - HKLM\..\RunOnce: [apiox32.exe] C:\WINDOWS\apiox32.exe
O4 - HKLM\..\RunOnce: [sdkmt32.exe] C:\WINDOWS\sdkmt32.exe
O4 - HKLM\..\RunOnce: [ieug32.exe] C:\WINDOWS\ieug32.exe
O4 - HKLM\..\RunOnce: [ntbm32.exe] C:\WINDOWS\system32\ntbm32.exe
O4 - HKLM\..\RunOnce: [apikh32.exe] C:\WINDOWS\system32\apikh32.exe
O4 - HKLM\..\RunOnce: [javako32.exe] C:\WINDOWS\system32\javako32.exe
O4 - HKLM\..\RunOnce: [atllu32.exe] C:\WINDOWS\atllu32.exe
O4 - HKLM\..\RunOnce: [ipcv.exe] C:\WINDOWS\system32\ipcv.exe
O4 - HKLM\..\RunOnce: [msbm32.exe] C:\WINDOWS\msbm32.exe
O4 - HKLM\..\RunOnce: [apiwa.exe] C:\WINDOWS\system32\apiwa.exe
O4 - HKLM\..\RunOnce: [d3kp32.exe] C:\WINDOWS\system32\d3kp32.exe
O4 - HKLM\..\RunOnce: [apikx32.exe] C:\WINDOWS\system32\apikx32.exe
O4 - HKLM\..\RunOnce: [ipdo32.exe] C:\WINDOWS\ipdo32.exe
O4 - HKLM\..\RunOnce: [atlep.exe] C:\WINDOWS\atlep.exe
O4 - HKLM\..\RunOnce: [syses.exe] C:\WINDOWS\syses.exe
O4 - HKLM\..\RunOnce: [msgm32.exe] C:\WINDOWS\system32\msgm32.exe
O4 - HKLM\..\RunOnce: [ieic.exe] C:\WINDOWS\system32\ieic.exe
O4 - HKLM\..\RunOnce: [ipls32.exe] C:\WINDOWS\system32\ipls32.exe
O4 - HKLM\..\RunOnce: [d3kq32.exe] C:\WINDOWS\system32\d3kq32.exe
O4 - HKLM\..\RunOnce: [atlsa32.exe] C:\WINDOWS\atlsa32.exe
O4 - HKLM\..\RunOnce: [d3zt32.exe] C:\WINDOWS\system32\d3zt32.exe
O4 - HKLM\..\RunOnce: [msdg.exe] C:\WINDOWS\system32\msdg.exe
O4 - HKLM\..\RunOnce: [netsx32.exe] C:\WINDOWS\system32\netsx32.exe
O4 - HKLM\..\RunOnce: [sdkdk.exe] C:\WINDOWS\system32\sdkdk.exe
O4 - HKLM\..\RunOnce: [iejv.exe] C:\WINDOWS\iejv.exe
O4 - HKLM\..\RunOnce: [apiau32.exe] C:\WINDOWS\system32\apiau32.exe
O4 - HKLM\..\RunOnce: [sdkjh32.exe] C:\WINDOWS\system32\sdkjh32.exe
O4 - HKLM\..\RunOnce: [atllc.exe] C:\WINDOWS\atllc.exe
O4 - HKLM\..\RunOnce: [ntqe.exe] C:\WINDOWS\system32\ntqe.exe
O4 - HKLM\..\RunOnce: [sdkwb32.exe] C:\WINDOWS\system32\sdkwb32.exe
O4 - HKLM\..\RunOnce: [msbc.exe] C:\WINDOWS\msbc.exe
O4 - HKLM\..\RunOnce: [sdkbt.exe] C:\WINDOWS\sdkbt.exe
O4 - HKLM\..\RunOnce: [ipvt.exe] C:\WINDOWS\ipvt.exe
O4 - HKLM\..\RunOnce: [d3oq32.exe] C:\WINDOWS\system32\d3oq32.exe
O4 - HKLM\..\RunOnce: [mfciz.exe] C:\WINDOWS\system32\mfciz.exe
O4 - HKLM\..\RunOnce: [appeb.exe] C:\WINDOWS\appeb.exe
O4 - HKLM\..\RunOnce: [crzx32.exe] C:\WINDOWS\crzx32.exe
O4 - HKLM\..\RunOnce: [mfcmm32.exe] C:\WINDOWS\system32\mfcmm32.exe
O4 - HKLM\..\RunOnce: [ntde.exe] C:\WINDOWS\system32\ntde.exe
O4 - HKLM\..\RunOnce: [sysge.exe] C:\WINDOWS\system32\sysge.exe
O4 - HKLM\..\RunOnce: [winuy.exe] C:\WINDOWS\winuy.exe
O4 - HKLM\..\RunOnce: [addzd.exe] C:\WINDOWS\addzd.exe
O4 - HKLM\..\RunOnce: [apisu.exe] C:\WINDOWS\system32\apisu.exe
O4 - HKLM\..\RunOnce: [addzx.exe] C:\WINDOWS\addzx.exe
O4 - HKLM\..\RunOnce: [iecc32.exe] C:\WINDOWS\system32\iecc32.exe
O4 - HKLM\..\RunOnce: [apivb32.exe] C:\WINDOWS\system32\apivb32.exe
O4 - HKLM\..\RunOnce: [mfcdw32.exe] C:\WINDOWS\system32\mfcdw32.exe
O4 - HKLM\..\RunOnce: [apisr.exe] C:\WINDOWS\system32\apisr.exe
O4 - HKLM\..\RunOnce: [atlhh.exe] C:\WINDOWS\system32\atlhh.exe
O4 - HKLM\..\RunOnce: [mslz32.exe] C:\WINDOWS\system32\mslz32.exe
O4 - HKLM\..\RunOnce: [mslk.exe] C:\WINDOWS\mslk.exe
O4 - HKLM\..\RunOnce: [mfcmq.exe] C:\WINDOWS\system32\mfcmq.exe
O4 - HKLM\..\RunOnce: [appbf.exe] C:\WINDOWS\appbf.exe
O4 - HKLM\..\RunOnce: [winat32.exe] C:\WINDOWS\winat32.exe
O4 - HKLM\..\RunOnce: [nthn.exe] C:\WINDOWS\nthn.exe
O4 - HKLM\..\RunOnce: [javafp.exe] C:\WINDOWS\system32\javafp.exe
O4 - HKLM\..\RunOnce: [mfcii.exe] C:\WINDOWS\mfcii.exe
O4 - HKLM\..\RunOnce: [ntsk.exe] C:\WINDOWS\system32\ntsk.exe
O4 - HKLM\..\RunOnce: [atlum32.exe] C:\WINDOWS\atlum32.exe
O4 - HKLM\..\RunOnce: [msxx.exe] C:\WINDOWS\msxx.exe
O4 - HKLM\..\RunOnce: [apppt.exe] C:\WINDOWS\apppt.exe
O4 - HKLM\..\RunOnce: [cruu32.exe] C:\WINDOWS\cruu32.exe
O4 - HKLM\..\RunOnce: [ieyg.exe] C:\WINDOWS\ieyg.exe

O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML

O13 - DefaultPrefix: http://nkvd.us/1525/
O13 - WWW Prefix: http://nkvd.us/1525/
O13 - Home Prefix: http://nkvd.us/1525/
O13 - Mosaic Prefix: http://nkvd.us/1525/

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

Hi Jeroen,

1) Check the entries above in HijackThis, close all windows except HijackThis, and click Fix Checked.

2) Restart in safe mode and delete:
the folders
C:\Program Files\Common files\updater
C:\Program Files\AutoUpdate
C:\Program Files\Common Files\Dpi


the files
C:\WINDOWS\appji.dll
C:\WINDOWS\system32\msqm.exe
C:\WINDOWS\System32\IEHost.exe
C:\WINDOWS\System32\EkrKZ.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\WINDOWS\System32\run_21.exe
C:\WINDOWS\System32\toolbar.dll


3) Restart in normal mode

4) Run the TrendMicro online virus scan

5) Reboot.

6) Run BitDefender

7) Reboot

8) Carry out the instructions given in this topic

9) Reboot again and make a new log.

Good luck with the checking. I'm not responsible for numb hands :p
 
Here's a log from a friend of mine... in my opinion it's full of junk...


Logfile of HijackThis v1.98.0
Scan saved at 01:29:26, on 1/01/2000
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WMPLAYER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.skynet.be/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.linksummary.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.helpmij.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.belgacom.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freevideolinks.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.linksummary.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [winupgrade] c:\wmplayer.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Agenda-herinneringen.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.belgacom.net


Thanks in advance,

Raisa
 
Posted by buffy


Hello Kija,

Well done! No more spyware. :thumb:

Now just read this as well: http://home.planet.nl/~kleyn080/Spywareinfonl.html#voorkomen

Regards,

Buffy


I am very grateful to you both. I hope I'm rid of it for a while now. I'll also work my way through your tip. Many, many thanks, Buffy and of course Hans. You helped me out excellently, in language I could understand. Chapeau!!!!!!!!!!!!!!!!!!!
big bye
Kija
 
Posted by Raisa

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.linksummary.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freevideolinks.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.linksummary.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm


1) Windows Update

2) Check the entries above in HijackThis, close all windows except HijackThis, and click Fix Checked.

3) Reboot.

I have my doubts about this one:
"O4 - HKLM\..\Run: [winupgrade] c:\wmplayer.exe "

That "Winupgrade" in particular doesn't sound very wholesome.

To be on the safe side, run a TrendMicro online virus scan.
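
A triage pass over HijackThis lines like the ones posted in this thread, as an added example that is not part of any post here. The three heuristics (an IE page served from a `res://` DLL resource, an O13 prefix other than `http://`, an O4 autorun named after its own file or sitting in a drive root) and all function names are assumptions, and the sample lines are copied from the logs above. A hit is a reason to look closer, not a verdict.

```python
import ntpath
import re
from collections import Counter

# Sample input: a handful of lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://amokq.dll/index.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.helpmij.nl/
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [winupgrade] c:\wmplayer.exe
O4 - HKLM\..\RunOnce: [d3jd32.exe] C:\WINDOWS\system32\d3jd32.exe
O4 - HKLM\..\RunOnce: [ntro.exe] C:\WINDOWS\ntro.exe
O13 - DefaultPrefix: http://nkvd.us/1525/
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll
"""

ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
AUTORUN = re.compile(r"^(?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def executable_of(cmd):
    """Return the program part of an autorun command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def reasons_for(code, body):
    """Apply the (assumed) heuristics to one log entry; return reason tags."""
    reasons = []
    if code in ("R0", "R1") and " = " in body:
        value = body.split(" = ", 1)[1].strip()
        if value.lower().startswith("res://"):
            reasons.append("ie-page-from-dll-resource")
    elif code == "O13" and ": " in body:
        if body.split(": ", 1)[1].strip().lower() != "http://":
            reasons.append("url-prefix-rewritten")
    elif code == "O4":
        m = AUTORUN.match(body)
        if m:  # "Startup:" shortcut entries have no [name] and are skipped
            exe = executable_of(m.group("cmd"))
            if m.group("name").lower() == ntpath.basename(exe).lower():
                reasons.append("autorun-named-after-own-file")
            if ntpath.splitdrive(ntpath.dirname(exe))[1] == "\\":
                reasons.append("autorun-in-drive-root")
    return reasons


def triage(log_text):
    """Return (reason, line) pairs for every entry that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list, blank line or forum prose
        for reason in reasons_for(m.group("code"), m.group("body")):
            findings.append((reason, line))
    return findings


def summarize(findings):
    """Count findings per reason, e.g. to spot a burst of RunOnce entries."""
    return Counter(reason for reason, _ in findings)


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:30} {line}")
```
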
 