irritante werkbalk bij IE

[diana30]

Hoi!

Ik heb een irritante werkbalk van I-lookup die ik niet weg krijg. Mijn man zit ook wel es te surfen op het net en daar krijg ik vaak irritante dingen van. Nu dus weer zo'n werkbalk en ook de startpagina blijft op lookup staan, ook al verander ik 'm in internetopties. Ik heb al gelezen dat je Hijackthis moet downloaden en dan scannen. Maar nu wil ik weten wat ik hier verder mee moet doen, voordat ik te veel of verkeerd verwijder. Ik heb het logbestand als bijlage bijgevoegd. Ik hoop dat iemand me kan helpen om deze werkbalk kwijt te raken.

Groetjes, Diana

 

[SJJ]

ILookup.html

Volg de ondestaande instructie op:

Description
ILookup is an IE toolbar providing a search box and link buttons. It also adds bookmarks to the Favorites menu (mostly affiliate links) and hijacks the homepage, address bar search and sidebar search.

Variants
ILookup/Ineb is implemented by the file ineb.dll and connects to the site i-lookup.com.
ILookup/Gws is implemented by the file gws.dll and connects to the site globalwebsearch.com.
ILookup/Chgrgs is implemented by the file chgrgs.dll.
ILookup/Abeb is implemented by the file abeb.dll and connects to the site superwebsearch.com.
ILookup/Bmeb is implemented by the file bmeb.dll and connects to the site traffichog.com.
ILookup/Sbus is implemented by the file sbus.dll and connects to the site searchbus.com.
ILookup/Drbr is implemented by the file drbr.dll and connects to the site globaltoolbar.com.
Distribution
Installed by ActiveX drive-by-download, thought to be used on pop-ups.

What it does
Advertising
Yes. Periodically connects to its controlling server, which may direct it to open pop-up advertising, often porn-related.

Privacy violation
No.

Security issues
None known.

Stability problems
At least the Ineb and Drbr variants (possibly the others too) can cause error messages of the type "Explorer has caused an error in ineb.dll...", when using both Internet Explorer and the Windows Explorer.

Removal
Open the 'Downloaded Program Files' folder in the Windows folder. Right-click the object called 'I-Lookup.com Bar' (Ineb and Abeb variants), 'GlobalWebSearch.com Bar' (Gws and Chgrgs variants), 'SearchBus.com Bar' (Sbus variant), 'GlobalToolbar.com Bar' (Drbr variant) or 'Search Bar' (Bmeb variant). Click 'Remove'.

Next, open a DOS command prompt window (Start->Programs->Accessories) and enter the following commands. For the Ineb variant:

cd "%WinDir%\System"
regsvr32 /u Ineb.dll
Or for Gws:

cd "%WinDir%\System"
regsvr32 /u GWS.dll
Or for Chgrgs:

cd "%WinDir%\System"
regsvr32 /u Chgrgs.dll
Or for Abeb:

cd "%WinDir%\System"
regsvr32 /u abeb.dll
Or for Bmeb:

cd "%WinDir%\System"
regsvr32 /u bmeb.dll
Or for Sbus:

cd "%WinDir%\System"
regsvr32 /u sbus.dll
Or for Drbr:

cd "%WinDir%\System"
regsvr32 /u drbr.dll
Finally use Internet Options->Programs->Reset Web Settings to get the normal search sidebar back, reset your homepage, and delete the extra bookmarks added to the Favorites menu. If you like, you can also open the registry (Start->Run->regedit) and delete the key HKEY_CURRENT_USER\Software\ineb to clean up.

Links
The site I-Lookup is operated by iClicks, who signed the ILookup/Ineb code for distribution.
GlobalWebSearch is a generic portal. eAffiliate Inc deny being connected to I-Lookup; they did, however, sign the the ILookup/Gws code for distribution, and their details are in the domain name records for both globalwebsearch.com and searchbus.com.
TrafficHog is operated by Crazy Protocol; SuperWebSearch is operated by Abroad Software.



Op deze site staat hoe je hem kunt verwijderen, is vrij eenvoudig.

http://www.doxdesk.com/parasite/

succes
sjj

 

[diana30]

Dit zegt ie op de site:

Open the 'Downloaded Program Files' folder in the Windows folder. Right-click the object called 'I-Lookup.com Bar' (Ineb and Abeb variants), 'GlobalWebSearch.com Bar' (Gws and Chgrgs variants), 'SearchBus.com Bar' (Sbus variant), 'GlobalToolbar.com Bar' (Drbr variant) or 'Search Bar' (Bmeb variant). Click 'Remove'.

maar als ik in die map ga kijken zie ik daar niets staan van I-Lookup, dus gaat niet werken bij mij.....

 

[SJJ]

staat er geen map I-lookup ?


sjj

 

[hawkie]

misschien moest je je hijacklog even posten in deze topic: http://www.helpmij.nl/forum/showthread.php?s=&postid=876970#post876970

Hier word je geholpen om alle rommel te verwijderen :thumb:

 

[diana30]

Nee staat geen map I-lookup. Maar dit geeft ie aan in het logbestand
Logfile of HijackThis v1.96.2
Scan saved at 10:08:15, on 28-8-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\SYSTEM32\spider.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Diana\Local Settings\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://i-lookup.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://i-lookup.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://i-lookup.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://i-lookup.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 5 Pro\FpLaunch.dll
O2 - BHO: ineb Helper - {61D029AC-972B-49FE-A155-962DFA0A37BB} - C:\WINDOWS\System32\ineb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: I-Lookup.com Bar - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - C:\WINDOWS\System32\ineb.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [20484560.exe] C:\WINDOWS\System32\20484560.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Works Agenda-herinneringen.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://fr4-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_pack_XP.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D35A69A7-7A34-4C67-814A-3F508C0BF371} (Inst Class) - http://toolbar2.i-lookup.com/toolbar/ineb.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A74EBB88-D117-4A70-810C-9106B62A5471}: NameServer = 62.58.50.5 62.58.50.6

Misschien dat jij weet wat er weggehaald moet worden??

 

[hawkie]

Ik heb wel wat ideeën wat je zou kunnen fixen, maar laat het toch liever over aan de experts op dit gebied.
Zie link hierboven dus :thumb:

 

[SJJ]

I-Lookup.com Bar

O3 - Toolbar: I-Lookup.com Bar- {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - C:\WINDOWS\System32\ineb.dll

bestanden staan wel in windows zie hier boven, even naar start en zoeken kun je zien waar ze staan en dan vervolgens ver wijderen zoals eerder beschreven.

sjj

 

[Tanja1968]

Je kunt om te beginnen spybot laten scannen op je pc http://download.com.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button. Die schoont de boel al een beetje op.

 

[Bennie]

Vink de volgende items aan en laat Hijackthis die fixen. Sluit browser en verkenner.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://i-lookup.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://i-lookup.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://i-lookup.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://i-lookup.com/search.html
O2 - BHO: ineb Helper - {61D029AC-972B-49FE-A155-962DFA0A37BB} - C:\WINDOWS\System32\ineb.dll
O3 - Toolbar: I-Lookup.com Bar - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - C:\WINDOWS\System32\ineb.dll
O4 - HKLM\..\Run: [20484560.exe] C:\WINDOWS\System32\20484560.exe
<die lijkt me een trojan, of dialer>

O16 - DPF: {D35A69A7-7A34-4C67-814A-3F508C0BF371} (Inst Class) - http://toolbar2.i-lookup.com/toolbar/ineb.cab

Start PC daarna opnieuw op.

Groetjes,
Bennie

 

[diana30]

irritante werkbalk

Fijn, probleem is opgelost. Werkbalk is weg en komt weer met m'n eigen startpagina.

Bedankt!!

 

[Pieter Arntz]

Gooi deze er ook nog even uit:
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptem...iveSecurity.cab

Groetjes,

Pieter