Helpmij tegen spyware offensief

Status
Niet open voor verdere reacties.
streamtec,

Wil je mij dit bestandje eens opsturen (zie eerste bericht in deze thread voor het adres):
C:\Program Files\Inoculator\inoc.exe

Download en scan daarna met AdAware (zie zelfde bericht)

Groetjes,

Pieter
 
hoi
als ik wist hoe ik dat moest doen graag, maar heb geen flauw idee waar ik dat moet vinden en hoe ik je dat op moet sturen
 
Geplaatst door streamtec
hoi
als ik wist hoe ik dat moest doen graag, maar heb geen flauw idee waar ik dat moet vinden en hoe ik je dat op moet sturen
Klik om te vergroten...

Per e-mail (als bijlage) naar: pieter@wilderssecurity.org

Het bestand is te vinden in:
C:\Program Files\Inoculator\inoc.exe

Met de verkenner naar die map en bestand. Selecteren; rechter muisknop; kopiëren naar e-mail-ontvanger.

Groetjes,
Bennie
 
Hoi streamtec,

Dit verwachtte ik al.

AdAware kent C:\Program Files\Inoculator\inoc.exe
en wel als Holystic dialer.

Dus scan je PC met AdAware of laat HijackThis deze fixen:
O4 - HKLM\..\Run: [Inoculator] C:\Program Files\Inoculator\inoc.exe

Start daarna opnieuw op en verwijder:
C:\Program Files\Inoculator

Bedankt voor het bestandje,

Pieter
 
Logfile of HijackThis v1.97.3
Scan saved at 10:05:54, on 24-10-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\DOCUME~1\JEROEN\APPLIC~1\tstchbzd.exe
C:\Program Files\Window Active\winactive.exe
C:\WINDOWS\System32\ctfmon.exe
C:\DOCUME~1\KIM\LOCALS~1\Temp\Htc1.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\Program Files\Trend Micro\PC-cillin 2003\PccPfw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\KIM\Local Settings\Temp\Tijdelijke map 1 voor
hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://public.searchbarcash.com/homepages_manager.php?origin=homepage&software_id=0001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.wanadoo.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer aangeboden door Wanadoo Cable v2.0c NL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =
http://internet.casema.net/helpdesk/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program
Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program
Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program
Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus!
2\MsgPlus.exe"
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\MLH\launcher.exe" /P
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MS Updates] C:\Documents and Settings\JEROEN\Local
Settings\Temporary Internet Files\Content.IE5\W3AHODQF\mscache[1].exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin
2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin
2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin
2003\Pop3trap.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [druaw] C:\DOCUME~1\JEROEN\APPLIC~1\tstchbzd.exe -QuieT
O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CDFoon System-Tray] C:\cdfoon\cdftray.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus!
2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"
/background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {11111111-1111-1111-1111-111111111112} -
http://www.latenight.nl/launcher.exe
O16 - DPF: {15C4150D-7F28-4254-ACB5-DBA1A6317BB8} (Dialer.Class1) -
http://www.ipxs.nl/php/sextop100.CAB
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} -
http://www.e-sexcash.com/plugin/028/belmegauwnl.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) -
http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) -
http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} -
http://fr4-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_pack_XP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2BBA7AC-2347-4761-AF7A-0DCA61355D53} (fairtale.Class1) -
http://www.fairtale.com/dialer/fairtale.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://fdl.msn.com/public/chat/msnchat45.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{8452C86A-C048-499C-835A-89397C907A05}:
NameServer = 194.134.5.5 194.134.5.55


Ik heb zelf al de nodige "rommel" ontdekt, maar graag laat ik alles uitpluizen :D
 
Hoi headout,

De onderstaande aanvinken, alle vensters behalve HijackThis sluiten en op Fix checked klikken:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://public.searchbarcash.com/hom...oftware_id=0001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://mysearchnow.com/searchbar.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://mysearchnow.com/searchbar.html

O4 - HKLM\..\Run: [MS Updates] C:\Documents and Settings\JEROEN\Local
Settings\Temporary Internet Files\Content.IE5\W3AHODQF\mscache[1].exe

O4 - HKLM\..\Run: [druaw] C:\DOCUME~1\JEROEN\APPLIC~1\tstchbzd.exe -QuieT
O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
Files\Desktop Messenger\8876480\Program\LDMConf.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present

O16 - DPF: {11111111-1111-1111-1111-111111111112} -
http://www.latenight.nl/launcher.exe
O16 - DPF: {15C4150D-7F28-4254-ACB5-DBA1A6317BB8} (Dialer.Class1) -
http://www.ipxs.nl/php/sextop100.CAB
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} -
http://www.e-sexcash.com/plugin/028/belmegauwnl.exe

O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) -
http://dialxs.nl/install/dialxs.ocx

O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} -
http://fr4-scripts.downloadv3.com/b...TML_pack_XP.cab

O16 - DPF: {E2BBA7AC-2347-4761-AF7A-0DCA61355D53} (fairtale.Class1) -
http://www.fairtale.com/dialer/fairtale.cab

Dan opnieuw opstarten en verwijder:
C:\DOCUMENTS AND SETTINGS\JEROEN\APPLICATION DATA\tstchbzd.exe
C:\Program Files\Window Active <= de hele map
en gooi daarna je Temp Internet bestanden leeg of in ieder geval mscache[1].exe

En een bezoekje aan WindowUpdate is geen overbodige luxe.

Groetjes,

Pieter
 
hoi
ik heb adaware gedownload en een scan uitlaten voeren
krijg 137 itmes,
hoe weet ik of er nog iets is wat kwaad kan?
 
Logfile of HijackThis v1.97.3
Scan saved at 21:13:26, on 24-10-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
F:\logitech update toets muis\iTouch\iTouch.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\AntiViral Toolkit Pro\avpm.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\PINNACLE\SHARED~1\FILTER\server.exe
D:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
D:\Spybot - Search & Destroy\SpybotSD.exe
F:\Download\hijackt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.altavista.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 127.98.9.1 pop.hccnet.nl.b9
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {39c36d28-e9c0-49ea-aab4-18dd53cc35c8} - C:\DOCUME~1\MARLEE~1\APPLIC~1\chdshlyysoa.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: rgrielyweal - {d2600b48-52b9-459e-b410-9b6b72ea516b} - C:\DOCUME~1\MARLEE~1\APPLIC~1\chdshlyysoa.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] F:\logitech update toets muis\iTouch\iTouch.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: AVP Monitor.lnk = C:\Program Files\AntiViral Toolkit Pro\avpm.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GoogleToolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\GoogleToolbar.dll/cmtrans.html
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2003080601/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

ik heb gescant met spybot
 
log van marleen

Logfile of HijackThis v1.97.3
Scan saved at 21:13:26, on 24-10-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
F:\logitech update toets muis\iTouch\iTouch.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\AntiViral Toolkit Pro\avpm.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\PINNACLE\SHARED~1\FILTER\server.exe
D:\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
D:\Spybot - Search & Destroy\SpybotSD.exe
F:\Download\hijackt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.altavista.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 127.98.9.1 pop.hccnet.nl.b9
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {39c36d28-e9c0-49ea-aab4-18dd53cc35c8} - C:\DOCUME~1\MARLEE~1\APPLIC~1\chdshlyysoa.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: rgrielyweal - {d2600b48-52b9-459e-b410-9b6b72ea516b} - C:\DOCUME~1\MARLEE~1\APPLIC~1\chdshlyysoa.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] F:\logitech update toets muis\iTouch\iTouch.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: AVP Monitor.lnk = C:\Program Files\AntiViral Toolkit Pro\avpm.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GoogleToolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\GoogleToolbar.dll/cmtrans.html
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2003080601/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

ik heb gescant met spybot
 
Het programma maakt altijd een backup. Maar ik begrijp je vraag niet helemaal...

Groetjes,
Bennie
 
Geplaatst door streamtec
hoi
ik heb adaware gedownload en een scan uitlaten voeren
krijg 137 itmes,
hoe weet ik of er nog iets is wat kwaad kan?
Klik om te vergroten...

Als je de laatste update en versie van AdAware hebt kun je alles veilig laten verwijderen.
Voor zover ik kon zien ben je dan alles kwijt.

Groetjes,

Pieter
 
Marleen,

Laat HijackThis de volgende items fixen:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.altavista.com/
O1 - Hosts: 127.98.9.1 pop.hccnet.nl.b9
O2 - BHO: (no name) - {39c36d28-e9c0-49ea-aab4-18dd53cc35c8} - C:\DOCUME~1\MARLEE~1\APPLIC~1\chdshlyysoa.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.5.exe

Start PC daarna opnieuw op.

Groetjes,
Bennie
 
Re: log van marleen

Geplaatst door Marleen37

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html

O2 - BHO: (no name) - {39c36d28-e9c0-49ea-aab4-18dd53cc35c8} - C:\DOCUME~1\MARLEE~1\APPLIC~1\chdshlyysoa.dll

O3 - Toolbar: rgrielyweal - {d2600b48-52b9-459e-b410-9b6b72ea516b} - C:\DOCUME~1\MARLEE~1\APPLIC~1\chdshlyysoa.dll

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.exe
Klik om te vergroten...

De bovenstaande zaken in HijackThis aanvinken, alle vensters behalve HijackThis sluiten en op Fix checked klikken.

Daarna opnieuw opstarten.

Groetjes,

Pieter
 
hoi
het betreft adaware 6.181 en heb naar updates laten zoeken.
ben misschien lastig (door onwetendheid) maar kan het dan niet zo zijn dat ik bepaalde dingen niet meer kan uitvoeren of pagina's bezoeken
 
Re: Re: log van marleen

Geplaatst door Pieter Arntz


De bovenstaande zaken in HijackThis aanvinken, alle vensters behalve HijackThis sluiten en op Fix checked klikken.

Daarna opnieuw opstarten.

Groetjes,

Pieter
Klik om te vergroten...

nou tis gelukt hartstikke bedankt!!!!!!!!!!! ook voor jullie geduld allemaal.......
 
Geplaatst door Bennie
Marleen,

Laat HijackThis de volgende items fixen:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.altavista.com/
O1 - Hosts: 127.98.9.1 pop.hccnet.nl.b9
O2 - BHO: (no name) - {39c36d28-e9c0-49ea-aab4-18dd53cc35c8} - C:\DOCUME~1\MARLEE~1\APPLIC~1\chdshlyysoa.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.5.exe

Start PC daarna opnieuw op.

Groetjes,
Bennie
Klik om te vergroten...

nou tis gelukt hoor? toppie!!!!!!!!!!! thnx....
 
Hoi streamtec,

Klik dan eerst op Quarantaine voordat je op Finish klikt. Er wordt dan een backup gemaakt die je terug kunt zetten.
Als er dingen zijn die niet meer werken, was het spyware.

Groetjes,

Pieter
 
Status
Niet open voor verdere reacties.
                    Steun ons                    

Nieuwste berichten

Terug
Bovenaan Onderaan