Helpmij anti-spyware offensive (part 6)

  • Thread starter: m@rio
Posted by cloosterin

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

F2 - REG:system.ini: Shell=explorer.exe C:\WINNT\system32\netdc.exe

O2 - BHO: (no name) - {0C091C5F-7C08-43C3-B45C-59F619D73D5E} - (no file)
O2 - BHO: (no name) - {EFCD1683-1DCF-4167-A4EC-E5ADA52DAA13} - (no file)

O4 - HKCU\..\Run: [Socket Utility] C:\WINNT\system32\svchostz.exe

O18 - Filter: text/html - {33B15EBC-D507-4A87-833B-2DBDACF5489B} - (no file)
O18 - Filter: text/plain - {33B15EBC-D507-4A87-833B-2DBDACF5489B} - (no file)
O20 - AppInit_DLLs: C:\WINNT\system32\msoo.dll

Hi Cloosterin,

1) Check the entries above in HijackThis, close all windows except HijackThis and click Fix checked.

2) Now restart in safe mode, and delete:
C:\WINNT\system32\netdc.exe << file
C:\WINNT\system32\netdb.exe << file
C:\WINNT\system32\svchostz.exe << file (WATCH THE SPELLING!!!!)
C:\WINNT\system32\msoo.dll << file

3) Reboot, and then post a new log.
 
Posted by Ned441

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omegasearch.com/searchbar.html

O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O1 - Hosts: ÀI0ÀI000èß0èß0 0 0¨0¨0°0°0¸È0¸È0À0À0È0È0Ð0Ð0Ø0Ø0à ((.............))!°!¸!¸!À!À!È!È!Ð!Ð!Ø!Ø!à!à!è!è!ð!ð!ø!ø!

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/108563951a84c98c0f21/netzip/RdxIE601.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.18.69.102/activex/AxisCamControl.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/nike/nikefz4/install.cab

Hi Ned,

1) Download CWShredder, but do not use it yet.

2) Check the entries above in HijackThis, close all other windows and browsers, and click Fix Checked.

3) Now run CWShredder, using the Fix button and following the program's instructions. (If it finds nothing more, that is only a good thing)

4) Restart in safe mode, and delete:
C:\Program Files\WildTangent

5) Download LSP Fix, and run it.
Tick the "I know what I'm doing" box, and make sure that all items relating to "inetadpt.dll" go to the right-hand side (Remove)
Then click "Finish"

6) Restart, create a new log with HijackThis, and post that log here.
 
Posted by Robert Jens

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.html?[url]http://www.hotmail.com/[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.izpoaegxnjnvowirqoc.info...51q2QTO/I0t/vRhtzABZqSHn4bdO4dvb_6g7DsRW.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/First2Enter/Portal/portal.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://mysearchnow.com/passthrough/...C:/Program Files/NowOnline/Portal/portal.html[/url]

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {CCB227C1-574B-85C2-FC85-CB8F54D3CB9E} - C:\PROGRAM FILES\MEOW TEAM BIN\LONG MATH.EXE
O2 - BHO: CBho404 Object - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINDOWS\SYSTEM\INETP60.DLL

O4 - HKLM\..\Run: [flap bows] C:\PROGRA~1\PLAYME~1\Okay Acid.exe
O4 - HKLM\..\Run: [SexCams_nl] C:\Program Files\SCom\Dialers\SexCams_nl\SexCams_nl.exe /dontdial
O4 - HKLM\..\Run: [sncntr] c:\windows\system\sncntr.exe /nocomm
O4 - HKLM\..\Run: [Classes] C:\WINDOWS\SYSTEM\SRV.EXE
O4 - HKLM\..\Run: [ltibrcc] C:\WINDOWS\SYSTEM\dryzfwko.exe
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [for default vc great] C:\WINDOWS\Application Data\first pure for default\Glue beep.exe
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [VVSN] C:\PROGRAM FILES\VVSN\VVSN.EXE
O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINDOWS\SYSTEM\INETP60.DLL,DllRunServer
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKCU\..\Run: [Asmw Soft Popups Burner] C:\PROGRAM FILES\ASMWSOFT\ASMW PC-OPTIMIZER PRO\popups burner.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1012.dll,InstantAccess
O4 - HKCU\..\Run: [Cwcr] C:\WINDOWS\Application Data\aeop.exe
O4 - HKCU\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\SYSTEM\NDrv.exe
O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\MSLAGENT.EXE
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\SYSTEM\SYSTEM.EXE

O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {C2326BDF-43B0-431F-940A-52D042621188} (Dial.getdial) - http://www.mediaswitch.nl/eromedia/mediaswitch.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} (PremiumHTML Class) - http://www.accesoplugin.com/dialercab/IberoDialerHTML.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1014021.exe

:8-0: Been collecting dialers? A memorable collection of spyware and the like :(

1) Download CWShredder, but do not use it yet.

2) Check the entries above in HijackThis, close all other windows and browsers, and click Fix Checked.

3) Now run CWShredder, using the Fix button and following the program's instructions. (If it finds nothing more, that is only a good thing)

4) Restart in safe mode, and delete:
FOLDERS
C:\Program Files\NowOnline
C:\Program Files\First2Enter
C:\PROGRAM FILES\MEOW TEAM BIN
C:\PROGRAM FILES\PLAYME...
C:\Program Files\SCom
C:\WINDOWS\Application Data\first pure for default
C:\PROGRAM FILES\VVSN
C:\PROGRAM FILES\ASMWSOFT

FILES
C:\WINDOWS\SYSTEM\INETP60.DLL
c:\windows\system\sncntr.exe
C:\WINDOWS\SYSTEM\SRV.EXE
C:\WINDOWS\SYSTEM\dryzfwko.exe
C:\WINDOWS\ALCHEM.exe
C:\WINDOWS\Application Data\aeop.exe
C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
C:\WINDOWS\SYSTEM\NDrv.exe
C:\WINDOWS\mslagent\MSLAGENT.EXE
C:\WINDOWS\SYSTEM\SYSTEM.EXE << MAKE SURE YOU DELETE SYSTEM.EXE ONLY FROM THIS FOLDER!

5) Restart in normal mode, and run a fully up-to-date scan with Ad Aware and Spybot S&D.

6) Restart, and let TrendMicro scan for viruses and similar junk

7) Restart once more, download The Cleaner and let it run.

8) Reboot one last time, create a new log in HijackThis and post it here.
 
Re: strange start page

Posted by Gimli

Maybe you are using an outdated version of HijackThis? The latest is 1.98.0. Please download it and create a new log. I would like to see the Running processes (and which version of IE and Windows you are using)

housecall says clean!!

:D Housecall says that I am now officially virus-free!!!:D

Can that be fully trusted?? Or should I wait a bit until one of you has looked at my log??
Greetings, Mip!

Re: housecall says clean!!

Posted by mip
:D Housecall says that I am now officially virus-free!!!:D

Can that be fully trusted?? Or should I wait a bit until one of you has looked at my log??
Greetings, Mip!

Just post a HijackThis log so we can check :cool:

MIP says:

Hijack log part 3 from Mip is already here on this page. I believe it was posted this afternoon at 16.08!! Thanks for thinking along :)
 
Logfile of HijackThis v1.97.7
Scan saved at 19:41:58, on 27-7-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eigenaar\Local Settings\Temp\Tijdelijke map 4 voor hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {97989AF7-0FD4-4E88-AACE-C6C51DF95FCF} - C:\WINDOWS\System32\mihkhc.dll
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
for convenience... the log once more:

Logfile of HijackThis v1.98.0
Scan saved at 15:34:26, on 27-7-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\AVAST4~1\ashDisp.exe
C:\PROGRA~1\AVAST4~1\ashmaisv.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\OpenOffice.org1.1.1\program\soffice.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Avast4 anti virus\aswUpdSv.exe
C:\Program Files\Avast4 anti virus\ashServ.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {665ACD90-4541-4836-9FE4-062386BB8F05} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\nl\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST4~1\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\AVAST4~1\ashmaisv.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 1.1.1.lnk = C:\Program Files\OpenOffice.org1.1.1\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
 
Re: hijack log part 3 from Mip

Posted by mip

O2 - BHO: (no name) - {665ACD90-4541-4836-9FE4-062386BB8F05} - (no file)

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

Sorry, overlooked that.

1) Go (again?) to this page and try to follow the instructions as closely as possible:
http://www.newdotnet.com/#remove

2) Then check the items above in HijackThis, close all other windows and browsers, and click Fix Checked.

3) Restart, and delete:
C:\Program Files\NewDotNet << folder
 
hello again..
maybe it helps if I say that the first time
I can almost never fix anything in HijackThis.... I then reinstall
the program.... and then I can fix the checked
lines...
and yes, in safe mode with prompt I was able to delete netdc.exe... but it doesn't find the others...
when I then go and look in system32 through Windows Explorer I don't find them either.
Nor msoo.dll, but I had already deleted that one through safe mode even before I sent you the previous log....
here is the new log

Logfile of HijackThis v1.98.0
Scan saved at 19:45:24, on 27/07/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Documents and Settings\Mark Cloosterin\Start Menu\Programs\Startup\netdb.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.2link.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
F2 - REG:system.ini: Shell=explorer.exe C:\WINNT\system32\netdc.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: netdb.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O18 - Filter: text/html - {33B15EBC-D507-4A87-833B-2DBDACF5489B} - (no file)
 
Posted by marim

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {97989AF7-0FD4-4E88-AACE-C6C51DF95FCF} - C:\WINDOWS\System32\mihkhc.dll

Hi Marim,

1) Please put HijackThis.exe in a folder of its own (for example C:\HijackThis). This is because of the backups the program makes in the folder it is started from. (No backups can be made if you run it from a zip/rar folder (which is your situation))

2) Your Windows and IE are full of holes; go to Windows Update and download at least ALL critical updates there.

3) Now check the entries above in HijackThis, close all other windows and browsers, and click Fix Checked.

4) Restart, and follow the instructions given in this topic.

5) Reboot one last time, create a new HijackThis log and post it here.

PS: I don't see a single startup item... Do you actually have a virus scanner/firewall???

hijack this part 4 from mip

Logfile of HijackThis v1.98.0
Scan saved at 20:42:21, on 27-7-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\AVAST4~1\ashDisp.exe
C:\PROGRA~1\AVAST4~1\ashmaisv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\OpenOffice.org1.1.1\program\soffice.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Avast4 anti virus\aswUpdSv.exe
C:\Program Files\Avast4 anti virus\ashServ.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\nl\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST4~1\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\AVAST4~1\ashmaisv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 1.1.1.lnk = C:\Program Files\OpenOffice.org1.1.1\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab


Just a quick question...... Isn't newdot something you need? Do I have to get it again from somewhere? Because by now I rather have the feeling that I've removed half the computer.......

Re: hijack this part 4 from mip

Posted by mip
Logfile of HijackThis v1.98.0
Scan saved at 20:42:21, on 27-7-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
....

Just a quick question...... Isn't newdot something you need? Do I have to get it again from somewhere? Because by now I rather have the feeling that I've removed half the computer.......


Hello Mip,

You have indeed removed roughly half a computer, because about half of what was running on your computer consisted of spyware and trojans. And NO, you do not need NewDotNet, and you should certainly not get it again from somewhere.

Your log is now clean, but you definitely still need to do the following:

1. install SpywareBlaster;
2. read this and act on it.



Regards,

Buffy
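Added example, not part of the original thread and not code from HijackThis: the "fix the flagged entries, then post a new log" cycle used throughout this thread can be checked mechanically by parsing the flagged lines and the follow-up log and reporting which flagged entries are gone and which are still there. The function names `parse_entries` and `check_fix` are hypothetical, and the sample logs are abridged excerpts constructed from logs posted in this thread.

```python
import re

# A HijackThis entry line is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Map a case-insensitive key to the entry text for every entry line in a log.

    Header lines and the "Running processes" paths do not match ENTRY_RE and are
    skipped; repeated lines (such as the O10 entries) collapse to one key.
    """
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, detail = m.group(1).upper(), " ".join(m.group(2).split())
        # Windows paths and registry names are case-insensitive: compare casefolded.
        entries.setdefault((section, detail.casefold()), f"{section} - {detail}")
    return entries


def check_fix(flagged_text, followup_log_text):
    """Return (removed, still_present) for the flagged entries against a follow-up log."""
    flagged = parse_entries(flagged_text)
    followup = parse_entries(followup_log_text)
    removed = [text for key, text in flagged.items() if key not in followup]
    still_present = [text for key, text in flagged.items() if key in followup]
    return removed, still_present


# Constructed sample: entries flagged in mip's log (part 3), abridged.
MIP_FLAGGED = r"""
O2 - BHO: (no name) - {665ACD90-4541-4836-9FE4-062386BB8F05} - (no file)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
"""

# Constructed sample: abridged excerpt of mip's follow-up log (part 4).
MIP_FOLLOWUP = r"""
Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST4~1\ashDisp.exe
"""

# Constructed sample: entries flagged in cloosterin's first log, abridged.
CLOOSTERIN_FLAGGED = r"""
F2 - REG:system.ini: Shell=explorer.exe C:\WINNT\system32\netdc.exe
O2 - BHO: (no name) - {0C091C5F-7C08-43C3-B45C-59F619D73D5E} - (no file)
O2 - BHO: (no name) - {EFCD1683-1DCF-4167-A4EC-E5ADA52DAA13} - (no file)
O4 - HKCU\..\Run: [Socket Utility] C:\WINNT\system32\svchostz.exe
O18 - Filter: text/html - {33B15EBC-D507-4A87-833B-2DBDACF5489B} - (no file)
O18 - Filter: text/plain - {33B15EBC-D507-4A87-833B-2DBDACF5489B} - (no file)
O20 - AppInit_DLLs: C:\WINNT\system32\msoo.dll
"""

# Constructed sample: abridged excerpt of cloosterin's follow-up log.
CLOOSTERIN_FOLLOWUP = r"""
Logfile of HijackThis v1.98.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.2link.be/
F2 - REG:system.ini: Shell=explorer.exe C:\WINNT\system32\netdc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Startup: netdb.exe
O18 - Filter: text/html - {33B15EBC-D507-4A87-833B-2DBDACF5489B} - (no file)
"""

if __name__ == "__main__":
    for name, flagged, followup in (
        ("mip", MIP_FLAGGED, MIP_FOLLOWUP),
        ("cloosterin", CLOOSTERIN_FLAGGED, CLOOSTERIN_FOLLOWUP),
    ):
        removed, still_present = check_fix(flagged, followup)
        print(f"{name}: {len(removed)} removed, {len(still_present)} still present")
        for entry in still_present:
            print("  STILL PRESENT:", entry)
```

An entry reported as still present means only that the same line appears again in the follow-up log; whether the referenced file is gone from disk has to be checked separately.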
 
Hello Pieter,

a while ago (before my holiday) your help achieved a lot. However, I think something is going on at the moment that has to do with the enthusiasm of a budding 13-year-old computer enthusiast :(

Would you take a look at the log?
Logfile of HijackThis v1.98.0
Scan saved at 21:03:44, on 27-7-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\d3my.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ntcv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lime_Shop\Limeshop1.exe
C:\Program Files\Lime_Shop\Limeshop0.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Willem\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ljlji.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ljlji.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ljlji.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ljlji.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ljlji.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ljlji.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14913C42-FA8E-DBBC-21EA-6EB6CA2408BD} - C:\WINDOWS\sdkrd32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [TaskMon] C:\WINDOWS\System32\taskmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Mario\Bureaublad\overig\MsgPlus.exe"
O4 - HKLM\..\Run: [ntcv.exe] C:\WINDOWS\system32\ntcv.exe
O4 - HKLM\..\Run: [Limeshop0] "C:\Program Files\Lime_Shop\Limeshop0.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} - http://exe.dialer.tintel.nl/tcw.cab
O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - http://secure.ingbank.nl/download/DigiSign.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll
 
Yoo-hoo!!!

Great!! 'I'm clean again'
SpywareBlaster is installed by now, and I will very dutifully do what is asked of me. So I'm one of those beginners who got confronted with the hard facts right away!!!
But very, very, veeeery happy with your help!! :thumb:
Run a HouseCall scan now and then, let Spyblaster clean, and then I hope to maybe come back sometime with a different question. But not about spyware!!!! Thanks!! Regards, Mip :love:
 
Hijack log

Logfile of HijackThis v1.97.7
Scan saved at 21:07:29, on 27-7-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\chello\ChelloDesktop.exe
C:\PROGRA~1\Support.com\bin\tgcmd.exe
C:\Program Files\On Demand Distribution\Download Manager\dmdc.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\scchost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\scchosts.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\srv.exe
C:\WINDOWS\runwin32.exe
C:\WINDOWS\wininet32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\USR WLAN\USR 22Mbps Adapter\USRWLAN.EXE
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\WINDOWS\System32\dllhost.exe
D:\Program Files\abrax\fil\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://easy-search.biz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://easy-search.biz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://easy-search.biz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://easy-search.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://easy-search.biz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\IEHelper.dll
O2 - BHO: (no name) - {6B73B6B1-4D51-4604-8FB9-1B69D135AE9F} - C:\WINDOWS\System32\jclbha.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [ChelloBackground] C:\Program Files\chello\ChelloMessenger.exe
O4 - HKLM\..\Run: [ChelloDesktop] C:\Program Files\chello\ChelloDesktop.exe
O4 - HKLM\..\Run: [tgcmd] "C:\PROGRA~1\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DOWNLOAD MANAGER] C:\Program Files\On Demand Distribution\Download Manager\dmdc /minimize
O4 - HKLM\..\Run: [Mstask32driver] Mstask32.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Reg32] C:\WINDOWS\reg32.exe
O4 - HKLM\..\Run: [Systems Restart] C:\WINDOWS\slchost.exe
O4 - HKLM\..\Run: [System Restore] C:\WINDOWS\svahost.exe
O4 - HKLM\..\Run: [Alive SYstem] C:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [cihost.exe] C:\WINDOWS\cihost.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [kg1ut5iukf] C:\WINDOWS\bau2xkpn9w.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [svshostdriver] msnmessengerupdate.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKLM\..\Run: [LSPFix] C:\Program Files\Common Files\eAcceleration\LSPfix\LSPmonitor.exe normal
O4 - HKLM\..\Run: [eMailEncryption] C:\PROGRA~1\ACCELE~1\VELOZD~1\velozsys.exe runstart
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\explorer.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\srv.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [cihost.exe] C:\WINDOWS\cihost.exe
O4 - HKCU\..\Run: [aimboot] %SystemRoot%\awinrar.exe
O4 - HKCU\..\Run: [rundll32] D:\Program Files\abrax\dut\fam\bmpfam\rundll32.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [window.exe] C:\WINDOWS\System32\window.exe
O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe
O4 - HKCU\..\Run: [wininet32] C:\WINDOWS\wininet32.exe
O4 - HKCU\..\Run: [Plug and Play] C:\WINDOWS\wininet32.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - Startup: Microsoft Data Helper.lnk = C:\WINDOWS\cihost.exe
O4 - Global Startup: U.S.Robotics Wireless LAN Configuration Utility.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Grokster Support - file://C:\Program Files\GroksterSupport\System\Temp\grokstershop_script0.htm
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.skoobidoo.com
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.accessoveloce.com/webline/x/wmdsc16x.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/legal/x.chm::/load.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {214868A8-F71B-473E-8ECF-6EE1DE6B91D8} - http://pms.localscripts.nl/plugins/4/ms7531_nl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {697C57A6-4DDF-11D5-9A37-009027E91173} (MkDownload Control) - http://www.wmpa.net/mkDownload/mkDownload.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://virusscan.zdnet.nl/housecall/xscan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38053.1625
O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} - http://exe.dialer.tintel.nl/tcw.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (LaunchApp.clsDefault) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
O19 - User stylesheet: C:\Program Files\Internet Explorer\readme.txt

Thanks in advance!
ra.waney@chello.nl
 
Re: Yoo-hoo!!!

Posted by mip
Great!! 'I am clean again'
SpywareBlaster is installed by now, and I will dutifully do what is asked of me. So I'm one of those beginners who got confronted with the hard facts right away!!!
But very, very, veeeery happy with your help!!:thumb:
Run a HouseCall now and then, let spyblaster clean, and then I hope to maybe come back some time with a different question. But not about the spyware!!!! Thanks!! Regards, Mip:love:

I hope you mean spyWAREblaster and not SpyBlaster, because SpyBlaster itself causes spyware. But anyway, you're welcome, and in this case hopefully not until next time! :p
 
It is indeed Hijack1.98. It was just in a different folder. So, once more...

Logfile of HijackThis v1.98.0
Scan saved at 21:20:02, on 27-7-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\WINDOWS\System32\srv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Rinie Brouwers\Mijn documenten\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\SYSTEM32\IEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\srv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
 
cloosterin

Posted by cloosterin

F2 - REG:system.ini: Shell=explorer.exe C:\WINNT\system32\netdc.exe

O4 - Startup: netdb.exe



Hello Cloosterin,


1. Scan again with HijackThis, check the items above (see quote), close all windows except HijackThis itself and click "Fix checked".

2. Restart the PC in safe mode. If you don't know how to do that, look here: click

In Windows Explorer, via Tools -> Folder Options -> View (Extra -> Mapopties -> Weergave), make sure that hidden files and folders are shown.

Now, still in safe mode, delete the following files:

C:\Documents and Settings\Mark Cloosterin\Start Menu\Programs\Startup\netdb.exe
C:\WINNT\system32\netdc.exe

3. Restart the PC in 'normal mode'.

4. If netdb.exe and netdc.exe still come back after that, install and use The Cleaner (30-day trial with full functionality).

5. Post a new log.


Regards,

Buffy
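
The two entries quoted in the reply above share a pattern that can be checked mechanically: an F2 `Shell=` value that starts anything besides explorer.exe, and an O4 Startup item that is a bare executable rather than a `.lnk = target` shortcut. The following is an added example, not part of the original thread; the function names are hypothetical and the sample log is constructed from lines that appear in this thread.

```python
import re

# Constructed sample: the two quoted entries plus one ordinary Run entry
# from the same thread for contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe C:\WINNT\system32\netdc.exe
O4 - Startup: netdb.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

# HijackThis entries look like "<letter><number> - <body>".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse_entries(log_text):
    """Split a HijackThis log into (code, body) pairs, skipping other lines."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries

def shell_extras(body):
    """Return what follows explorer.exe in a Shell= value (None if no Shell=)."""
    m = re.search(r"Shell=(.*)$", body, re.IGNORECASE)
    if not m:
        return None
    value = m.group(1).strip()
    return re.sub(r"^explorer\.exe\b", "", value, flags=re.IGNORECASE).strip()

def review(log_text):
    """Flag the two patterns discussed in the reply above."""
    findings = []
    for code, body in parse_entries(log_text):
        if code == "F2":
            extra = shell_extras(body)
            if extra:
                findings.append(("F2", "shell launches extra program", extra))
        elif code == "O4" and body.startswith(("Startup:", "Global Startup:")):
            target = body.split(":", 1)[1].strip()
            # Shortcuts are listed as "name.lnk = target"; a bare .exe means
            # the file itself sits in the Startup folder.
            if "=" not in target and target.lower().endswith(".exe"):
                findings.append(("O4", "bare executable in Startup folder", target))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```
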
 