Helpmij tegen spyware offensief (deel 7)

Status
Niet open voor verdere reacties.
Phal

Geplaatst door phal

O2 - BHO: (no name) - {B06F51ED-5667-D10B-B33F-8DC724B93B19} - C:\PROGRAM FILES\ANTE MAPI MESS\BOOK FIVE.EXE
Klik om te vergroten...


Hallo Phal,

1. Scan opnieuw met HijackThis, vink het bovenstaande item (zie quote) aan, sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

2. Herstart de pc in veilige modus. Als je niet weet hoe dat moet, kijk dan hier.

Zorg dat in de Verkenner, via Extra -> Mapopties -> Weergave, is ingesteld dat verborgen bestanden en mappen moeten worden weergegeven.

Verwijder nu, in veilige modus dus, deze map:

C:\PROGRAM FILES\ANTE MAPI MESS

3. Herstart de pc in 'normale modus'.


Groetjes,

Buffy
 
Geplaatst door buffy



Hoi Saartje,


Geen virussen te bekennen. Ook geen spyware trouwens.


Groetjes,

Buffy
Klik om te vergroten...

Mh.. ik heb er nochtans toch aan dagtaak aan. Maar iig bedankt.
 
Graag jullie advies wat er weg kan. Alvast bedankt

Logfile of HijackThis v1.97.3
Scan saved at 19:20:39, on 8-8-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
F:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Program Files\Executive Software\DiskeeperLite\DKService.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
F:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
F:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
F:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
F:\Program Files\Analog Devices\SoundMAX\SMTray.exe
F:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
F:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
F:\Program Files\Netropa\Onscreen Display\OSD.exe
F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Real\RealPlayer\RealPlay.exe
F:\Program Files\QuickTime\qttask.exe
F:\WINDOWS\System32\RUNDLL32.exe
F:\WINDOWS\System32\SahAgent.exe
F:\WINDOWS\System32\RUNDLL32.EXE
F:\Program Files\AutoSizer\AutoSizer.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
F:\WINDOWS\System32\ctfmon.exe
F:\PROGRA~1\ezula\mmod.exe
F:\Program Files\ANT 4 MailChecking\ant4mc.exe
F:\Program Files\Web_Rebates\WebRebates1.exe
F:\Program Files\Kazaa Lite K++\KazaaLite.kpp
F:\Program Files\Web_Rebates\WebRebates0.exe
F:\Program Files\ISTsvc\istsvc.exe
F:\Program Files\Internet Optimizer\optimize.exe
F:\Program Files\Internet Optimizer\actalert.exe
F:\Program Files\BullsEye Network\bin\bargains.exe
F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
F:\Documents and Settings\van der Deijl\Local Settings\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=133666
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=133666
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slotch.com/?&account_id=133666
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=133666
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - F:\WINDOWS\nem219.dll
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - F:\WINDOWS\System32\ATPART~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - F:\WINDOWS\wsem300.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - F:\Program Files\SideFind\sfbho.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - F:\WINDOWS\System32\apuc.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\Msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - F:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [Alogserv] F:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [Smapp] F:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] F:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pop3Easy] F:\Program Files\AderA Software\POP3 Easy\pop3easy.exe
O4 - HKLM\..\Run: [RealTray] F:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Startup Cleaner] F:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "F:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [SAHAgent] F:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [WebRebates0] "F:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [IST Service] F:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "F:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] F:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Power Scan] F:\Program Files\Power Scan\powerscan.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AutoSizer] "F:\Program Files\AutoSizer\AutoSizer.exe" /h
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "F:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MailCheck] F:\Program Files\PPSOFT.DK\PP_MailCheck\mailck.exe
O4 - HKCU\..\Run: [Schedule] F:\Program Files\CM Data Software\CM DiskCleaner\Schedule.exe
O4 - HKCU\..\Run: [eZmmod] F:\PROGRA~1\ezula\mmod.exe
O4 - Startup: ANT 4 MailChecking.lnk = F:\Program Files\ANT 4 MailChecking\ant4mc.exe
O4 - Startup: LetterBox.lnk = F:\Documents and Settings\van der Deijl\Bureaublad\LetterBox.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://F:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: SideFind (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/p3a23a.cab
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37890.2050925926
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF78F393-5D14-4474-9A45-8045FF2243E1}: NameServer = 195.121.1.34 195.121.1.66
 
Hallo Buffy,

Ik heb je raadgevingen opgevolgd en eerst zag het er goed uit maar na enkele keren herstart te hebben, zie ik die search-werkbalk weer verschijnen.

Hoe kan dat ?

Phal
 
Geplaatst door lisa02
Logfile of HijackThis v1.97.3

F:\Documents and Settings\van der Deijl\Local Settings\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe
Klik om te vergroten...
Download eerst de nieuwste Hijack this versie, die jij nu gebruikt is verouderd.

Pak Hijack this daarna eerst uit in een aparte map.
Dit kun je doen met Winrar of Winzip.
Dit met oog op de backups, die door Hijack this gemaakt worden.
Aan je log te zien staat Hijack this in de Temp map van Windows.(F:\Documents and ....)

De download link voor de nieuwste versie vind je in het eerste bericht van deze topic.
 
Oeps...foutje. Ik dacht dat ik hem al had geplaatst...komt ie...
gr Lia


Logfile of HijackThis v1.98.2
Scan saved at 18:28:11, on 8-8-2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {B2ED87CF-9F59-634D-AAEB-C89BDB8DFA51} - C:\PROGRAM FILES\1 THIRD FRAG\BOLT RECT.EXE (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4382/mcfscan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
 
phal

Geplaatst door phal
Hallo Buffy,

Ik heb je raadgevingen opgevolgd en eerst zag het er goed uit maar na enkele keren herstart te hebben, zie ik die search-werkbalk weer verschijnen.

Hoe kan dat ?

Phal
Klik om te vergroten...


Hallo Phal,


Download en installeer de nieuwste versie van HijackThis: http://www.majorgeeks.com/download3155.html

Maak daarmee een nieuw log en plaats dat hier.


Groetjes,

Buffy
 
Lia

Geplaatst door Lia

O2 - BHO: (no name) - {B2ED87CF-9F59-634D-AAEB-C89BDB8DFA51} - C:\PROGRAM FILES\1 THIRD FRAG\BOLT RECT.EXE (file missing)
Klik om te vergroten...


Hallo Lia,


Weinig bijzonders op deze pc.


1. Scan opnieuw met HijackThis, vink het bovenstaande item (zie quote) aan, sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

2. Herstart de pc in veilige modus. Kijk of de volgende map er nog is en, zo ja, verwijder die:

C:\PROGRAM FILES\1 THIRD FRAG <- die map

3. Herstart de pc in 'normale modus'.


Groetjes,

Buffy
 
Na met spybot te hebben gescand en de nieuwste versie van hijackthis te hebben gedownload een nieuwe scan. Zo te zien is er al aardig wat weg. Kan er nog meer worden verwijderd?

Logfile of HijackThis v1.98.2
Scan saved at 20:08:21, on 8-8-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
F:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Program Files\Executive Software\DiskeeperLite\DKService.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
F:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
F:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
F:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
F:\Program Files\Analog Devices\SoundMAX\SMTray.exe
F:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Real\RealPlayer\RealPlay.exe
F:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
F:\Program Files\Netropa\Onscreen Display\OSD.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Web_Rebates\WebRebates0.exe
F:\WINDOWS\System32\RUNDLL32.EXE
F:\Program Files\AutoSizer\AutoSizer.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\ANT 4 MailChecking\ant4mc.exe
F:\Program Files\Web_Rebates\WebRebates1.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
F:\Program Files\Microsoft Office\Office10\WINWORD.EXE
F:\Documents and Settings\van der Deijl\Local Settings\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - F:\Program Files\SideFind\sfbho.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\Msdxm.ocx
O4 - HKLM\..\Run: [Alogserv] F:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [Smapp] F:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] F:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pop3Easy] F:\Program Files\AderA Software\POP3 Easy\pop3easy.exe
O4 - HKLM\..\Run: [RealTray] F:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Startup Cleaner] F:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "F:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WebRebates0] "F:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [BullsEye Network] F:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AutoSizer] "F:\Program Files\AutoSizer\AutoSizer.exe" /h
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "F:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MailCheck] F:\Program Files\PPSOFT.DK\PP_MailCheck\mailck.exe
O4 - HKCU\..\Run: [Schedule] F:\Program Files\CM Data Software\CM DiskCleaner\Schedule.exe
O4 - Startup: ANT 4 MailChecking.lnk = F:\Program Files\ANT 4 MailChecking\ant4mc.exe
O4 - Startup: LetterBox.lnk = F:\Documents and Settings\van der Deijl\Bureaublad\LetterBox.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://F:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - F:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/p3a23a.cab
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF78F393-5D14-4474-9A45-8045FF2243E1}: NameServer = 195.121.1.34 195.121.1.66
 
lisa02

Geplaatst door lisa02

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - F:\Program Files\SideFind\sfbho.dll

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "F:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WebRebates0] "F:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [BullsEye Network] F:\Program Files\BullsEye Network\bin\bargains.exe

O8 - Extra context menu item: Web Rebates - file://F:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - F:\Program Files\SideFind\sidefind.dll

O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Acti...iveLauncher.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download....ctl_0_0_0_1.ocx
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
Klik om te vergroten...


Hallo Lisa02,


Spybot het goed werk gedaan, maar er moet nog aardig wat rommel worden verwijderd.


1. Maak een eigen map voor HijackThis (bijvoorbeeld C:\Program Files\HijackThis) en plaats HijackThis.exe daarin. Je draait het programma nu vanuit een tijdelijke map en zo raken de back-ups gemakkelijk zoek.

2. Download CWShredder alvast, maar gebruik het nog niet.

3. Scan opnieuw met HijackThis, vink alle bovenstaande items (zie quote) aan, sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

4. Draai nú CWShredder. Gebruik de "Fix" knop en let goed op de aanwijzingen die het programma geeft. (Voor de zekerheid, het kan zijn dat niets meer wordt gevonden.)

5. Herstart de pc in veilige modus. Als je niet weet hoe dat moet, kijk dan hier.

Zorg dat in de Verkenner, via Extra -> Mapopties -> Weergave, is ingesteld dat verborgen bestanden en mappen moeten worden weergegeven.

Verwijder nu, in veilige modus dus, al deze mappen:

F:\Program Files\Web_Rebates
F:\Program Files\BullsEye Network
F:\Program Files\SideFind
F:\Program Files\WildTangent

6. Herstart de pc in 'normale modus'.

7. Scan nog even met AdAware.

8. Maak een nieuw HijackThis-log en plaats dat hier.


Groetjes,

Buffy
 
Laatst bewerkt:
Hijackthis nieuwe versie gebruikt

Hallo Buffy,

De nieuwe versie van HijackThis heeft de volgende log opgeleverd :

Logfile of HijackThis v1.98.2
Scan saved at 21:07:26, on 8/08/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\LOGITECH\WINGMAN SOFTWARE\LWEMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MIJN DOCUMENTEN\DOWNLOADS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.pandora.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\WingMan Software\lwtest.exe" /detect /quiet /launch "C:\Program Files\Logitech\WingMan Software\lwemon.exe /noui"
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

Ik heb nog niets gefixt met deze nieuwe versie.
(En warm dat het hier is !!!!!!)
 
Re: Hijackthis nieuwe versie gebruikt

Geplaatst door phal
Hallo Buffy,

De nieuwe versie van HijackThis heeft de volgende log opgeleverd :

Logfile of HijackThis v1.98.2
Scan saved at 21:07:26, on 8/08/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
......
Klik om te vergroten...


Hallo Phal,

:8-0: Er is in dit log helemaal niets te zien van die werkbalk.
Zou je die balk eens willen beschrijven, zo precies mogelijk? (Namen, eventuele URLs waarnaar gelinkt wordt...)

Groetjes,

Buffy
 
De search-werkbalk

De werkbalk is blauw met witte letters.
Eerst is er een search vakje en dan volgen tabs : Internet software, Internet explorer, Microsoft Office, Microsoft word, Email search.
Wanneer je op één van die tabs klikt, krijg je een nieuwe pagina 'Search the web' met in de adresbalk telkens http://lop.com en dan nog wat zoals dit :
http://lop.com/search/search.cgi?s=internet+business&src=toolbar3

Zegt je dat iets ?
 
Re: De search-werkbalk

Geplaatst door phal
De werkbalk is blauw met witte letters.
Eerst is er een search vakje en dan volgen tabs : Internet software, Internet explorer, Microsoft Office, Microsoft word, Email search.
Wanneer je op één van die tabs klikt, krijg je een nieuwe pagina 'Search the web' met in de adresbalk telkens http://lop.com en dan nog wat zoals dit :
http://lop.com/search/search.cgi?s=internet+business&src=toolbar3

Zegt je dat iets ?
Klik om te vergroten...


Hallo Phal,

Dat zegt me zeker iets. C2Media/Lop.com is overbekende spyware. Alleen dat het niet in het HijackThis-log te zien is, heb ik nog nooit meegemaakt.

Probeer eens of je het met ToolbarCop kunt verwijderen. Draai meteen daarna AdAware of Spybot dan nog even.

Groetjes,

Buffy
 
Hi!

Zou iemand me kunnen helpen met het volgende Hijack This Log. Ik heb eerst gescanned met Adaware en vrijwel alles verwijderd! Ik hoop dat jullie er iets mee kunnen!

Alvast bedankt!


Logfile of HijackThis v1.97.7
Scan saved at 21:27:26, on 8-8-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Desktop Calendar\Desktop Calendar.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\sp.exe
C:\Program Files\Sitecom Wireless LAN\WLANUTL.exe
C:\Documents and Settings\Sarien\Mijn documenten\Jeroen\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [sp] C:\sp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sitecom Wireless LAN Utility.lnk = ?
O16 - DPF: Win32 Classes -
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
Ik heb al je adviezen uitgevoerd. Met Shredder kwam er niets meer uit, maar met AdAware nog 74 items. Hierbij
de nieuwe scan van hijack

Logfile of HijackThis v1.97.3
Scan saved at 21:36:27, on 8-8-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Program Files\Executive Software\DiskeeperLite\DKService.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
F:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
F:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
F:\Program Files\Analog Devices\SoundMAX\SMTray.exe
F:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Real\RealPlayer\RealPlay.exe
F:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
F:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
F:\Program Files\Netropa\Onscreen Display\OSD.exe
F:\Program Files\QuickTime\qttask.exe
F:\WINDOWS\System32\RUNDLL32.EXE
F:\Program Files\AutoSizer\AutoSizer.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
F:\Program Files\ANT 4 MailChecking\ant4mc.exe
F:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
F:\Program Files\Microsoft Office\Office10\WINWORD.EXE
F:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\Msdxm.ocx
O4 - HKLM\..\Run: [Alogserv] F:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [Smapp] F:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] F:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "F:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pop3Easy] F:\Program Files\AderA Software\POP3 Easy\pop3easy.exe
O4 - HKLM\..\Run: [RealTray] F:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Startup Cleaner] F:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WebRebates0] "F:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AutoSizer] "F:\Program Files\AutoSizer\AutoSizer.exe" /h
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "F:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MailCheck] F:\Program Files\PPSOFT.DK\PP_MailCheck\mailck.exe
O4 - HKCU\..\Run: [Schedule] F:\Program Files\CM Data Software\CM DiskCleaner\Schedule.exe
O4 - Startup: ANT 4 MailChecking.lnk = F:\Program Files\ANT 4 MailChecking\ant4mc.exe
O4 - Startup: LetterBox.lnk = F:\Documents and Settings\van der Deijl\Bureaublad\LetterBox.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37890.2050925926
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF78F393-5D14-4474-9A45-8045FF2243E1}: NameServer = 195.121.1.34 195.121.1.66

Alvast bedankt voor de reactie
 
Cevrix

Geplaatst door Cevrix

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O4 - HKCU\..\Run: [sp] C:\sp.exe

O16 - DPF: Win32 Classes -
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
Klik om te vergroten...



Hallo Cevrix,


Die scan op spywarestormer.com moet je niet weer doen. Het bedrijf dat erachter zit is onbetrouwbaar en houdt er agressieve marketingmethodes op na. Gebruik gewoon AdAware of Spybot om op spyware te scannen.


1. Scan opnieuw met HijackThis, vink de bovenstaande items (zie quote) aan, sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

2. Herstart de pc in veilige modus. Als je niet weet hoe dat moet, kijk dan hier.

Zorg dat in de Verkenner, via Extra -> Mapopties -> Weergave, is ingesteld dat verborgen bestanden en mappen moeten worden weergegeven.

Verwijder nu, in veilige modus dus, de volgende bestanden:

C:\sp.exe
C:\WINDOWS\SYSTEM\blank.htm

3. Herstart de pc in 'normale modus'.


Groetjes,

Buffy
 
Laatst bewerkt:
Op verzoek van Saxxon
Log van de windows XP computer

Logfile of HijackThis v1.98.2
Scan saved at 21:54:39, on 8-8-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
D:\WINDOWS\System32\wpabaln.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\TrojanHunter 3.8\TrojanHunter.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Documents and Settings\Koerts.MUSIKO.002\Local Settings\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe

O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
 
lisa02

Geplaatst door lisa02

O4 - HKLM\..\Run: [WebRebates0] "F:\Program Files\Web_Rebates\WebRebates0.exe"
Klik om te vergroten...


Hallo Lisa02,


Bijna schoon nu.


1. Scan opnieuw met HijackThis, vink het bovenstaande item (zie quote) aan, sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

2. Herstart de pc in veilige modus. Kijk even goed of de volgende map er nog is en, zo ja, verwijder die:

F:\Program Files\Web_Rebates <- die map

3. Herstart de pc in 'normale modus'.

4. Nu je pc weer schoon is, zou het natuurlijk fijn zijn als dat zo blijft. Dus:

- installeer SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html

- lees dit goed door: http://home.planet.nl/~kleyn080/Spywareinfonl.html#voorkomen


Groetjes,

Buffy
 
superwurm, dat is niet het volledige log.

Ga in kladblok naar bewerken, alles selecteren, bewerken, kopieëren en post dat hier.
 
Status
Niet open voor verdere reacties.
                    Steun ons                    

Nieuwste berichten

Terug
Bovenaan Onderaan