Ik heb er weer eens een die ik er niet af krijg. Hij wordt toegevoegd aan mijn menu balk zogenaamd " Easybar"
Bijgaand logfile
Logfile of HijackThis v1.98.0
Scan saved at 15:52:13, on 27-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\system32\fxssvc.exe
C:\NORMAN\nvc\BIN\NJEEVES.EXE
C:\NORMAN\nvc\BIN\nvcoas.exe
C:\NORMAN\nvc\BIN\NVCSCHED.EXE
C:\Program Files\Gigaset\talk&surf 5.1 pentavox\xControlCOM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\NORMAN\nvc\BIN\ZLH.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\ewupdater.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\mstar2.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Gigaset\CAPI\Tools\CALLTRAY.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Psion\PsiWin\Psconsv.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\NORMAN\nvc\BIN\NYMSE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\NORMAN\nvc\BIN\NIP.EXE
C:\NORMAN\nvc\BIN\cclaw.exe
C:\PROGRA~1\Psion\PsiWin\Elogerr.exe
C:\Documents and Settings\VDM\Local Settings\Temp\Tijdelijke map 3 voor hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/MStartEnter/Portal/portal.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easywebsearch.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.easywebsearch.nl/ie.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.easywebsearch.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.easywebsearch.nl/ie.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStartEnter/Portal/portal.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 10.0.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\IEHelper.dll
O2 - BHO: BHO Class - {C77E900A-FF55-400E-9BAA-E042C8212898} - C:\Program Files\SimpelInternet\Easybar\ToolbarStarter.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easybar - {9AD55269-A21C-4260-BA7F-866FD09E8A8E} - C:\Program Files\SimpelInternet\Easybar\EasyBarShell.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\mstar2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Call Tray.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PsiWin 2.3 Connection Server.lnk = C:\Program Files\Psion\PsiWin\Psconsv.exe
O4 - Global Startup: talk&surf 5.1 pentavox Monitor.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6} (Easywebinstaller Control) - http://s7.blingblingcontent.com/toolbarcash/activex/easywebinstaller.ocx
Volgens mij is het de laatste???
Bijgaand logfile
Logfile of HijackThis v1.98.0
Scan saved at 15:52:13, on 27-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\system32\fxssvc.exe
C:\NORMAN\nvc\BIN\NJEEVES.EXE
C:\NORMAN\nvc\BIN\nvcoas.exe
C:\NORMAN\nvc\BIN\NVCSCHED.EXE
C:\Program Files\Gigaset\talk&surf 5.1 pentavox\xControlCOM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\NORMAN\nvc\BIN\ZLH.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\ewupdater.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\mstar2.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Gigaset\CAPI\Tools\CALLTRAY.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Psion\PsiWin\Psconsv.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\NORMAN\nvc\BIN\NYMSE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\NORMAN\nvc\BIN\NIP.EXE
C:\NORMAN\nvc\BIN\cclaw.exe
C:\PROGRA~1\Psion\PsiWin\Elogerr.exe
C:\Documents and Settings\VDM\Local Settings\Temp\Tijdelijke map 3 voor hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/MStartEnter/Portal/portal.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easywebsearch.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.easywebsearch.nl/ie.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.easywebsearch.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.easywebsearch.nl/ie.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStartEnter/Portal/portal.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 10.0.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\IEHelper.dll
O2 - BHO: BHO Class - {C77E900A-FF55-400E-9BAA-E042C8212898} - C:\Program Files\SimpelInternet\Easybar\ToolbarStarter.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easybar - {9AD55269-A21C-4260-BA7F-866FD09E8A8E} - C:\Program Files\SimpelInternet\Easybar\EasyBarShell.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\mstar2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Call Tray.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PsiWin 2.3 Connection Server.lnk = C:\Program Files\Psion\PsiWin\Psconsv.exe
O4 - Global Startup: talk&surf 5.1 pentavox Monitor.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6} (Easywebinstaller Control) - http://s7.blingblingcontent.com/toolbarcash/activex/easywebinstaller.ocx
Volgens mij is het de laatste???