probleem spyware en search home

[ismonewf]

ik grijg altijd een andere start site , zet google op maar dan komt altijd search home pagina ,
heb eerst ad aware6 gedaan en spybot en dan Hijackthis , maar weet niet welke uk moet verwijderen
alle hklm runonce , en de andere weet ik niet

hulp gevraagd???


Logfile of HijackThis v1.98.2
Scan saved at 16:30:26, on 14/08/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\nttj32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Winamp3\winampa.exe
C:\WINDOWS\System32\ilrkne.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Documents and Settings\Eveline\Mijn documenten\ronald\spyware prog\hijackthis1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qxwzt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qxwzt.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qxwzt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.belgacom.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {176407B4-E211-4E16-BFFA-63C50AA24B06} - C:\WINDOWS\ieea32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\RunOnce: [ipic32.exe] C:\WINDOWS\ipic32.exe
O4 - HKLM\..\RunOnce: [ieue32.exe] C:\WINDOWS\system32\ieue32.exe
O4 - HKLM\..\RunOnce: [atlgo32.exe] C:\WINDOWS\atlgo32.exe
O4 - HKLM\..\RunOnce: [croa.exe] C:\WINDOWS\system32\croa.exe
O4 - HKLM\..\RunOnce: [d3dd32.exe] C:\WINDOWS\d3dd32.exe
O4 - HKLM\..\RunOnce: [atlka32.exe] C:\WINDOWS\system32\atlka32.exe
O4 - HKLM\..\RunOnce: [atlku.exe] C:\WINDOWS\system32\atlku.exe
O4 - HKLM\..\RunOnce: [ntit.exe] C:\WINDOWS\ntit.exe
O4 - HKLM\..\RunOnce: [sysdk.exe] C:\WINDOWS\system32\sysdk.exe
O4 - HKLM\..\RunOnce: [apibw32.exe] C:\WINDOWS\system32\apibw32.exe
O4 - HKLM\..\RunOnce: [wingn.exe] C:\WINDOWS\system32\wingn.exe
O4 - HKLM\..\RunOnce: [syszo32.exe] C:\WINDOWS\system32\syszo32.exe
O4 - HKLM\..\RunOnce: [d3ip.exe] C:\WINDOWS\system32\d3ip.exe
O4 - HKLM\..\RunOnce: [netzt.exe] C:\WINDOWS\netzt.exe
O4 - HKLM\..\RunOnce: [appbp.exe] C:\WINDOWS\appbp.exe
O4 - HKLM\..\RunOnce: [apptk32.exe] C:\WINDOWS\apptk32.exe
O4 - HKLM\..\RunOnce: [addce.exe] C:\WINDOWS\addce.exe
O4 - HKLM\..\RunOnce: [ipjo32.exe] C:\WINDOWS\system32\ipjo32.exe
O4 - HKLM\..\RunOnce: [d3wz32.exe] C:\WINDOWS\d3wz32.exe
O4 - HKLM\..\RunOnce: [crpj32.exe] C:\WINDOWS\crpj32.exe
O4 - HKLM\..\RunOnce: [sdkan32.exe] C:\WINDOWS\system32\sdkan32.exe
O4 - HKLM\..\RunOnce: [winyi32.exe] C:\WINDOWS\winyi32.exe
O4 - HKLM\..\RunOnce: [addbq.exe] C:\WINDOWS\addbq.exe
O4 - HKLM\..\RunOnce: [crik.exe] C:\WINDOWS\crik.exe
O4 - HKLM\..\RunOnce: [addcf32.exe] C:\WINDOWS\addcf32.exe
O4 - HKLM\..\RunOnce: [crtc32.exe] C:\WINDOWS\system32\crtc32.exe
O4 - HKLM\..\RunOnce: [crcc32.exe] C:\WINDOWS\system32\crcc32.exe
O4 - HKLM\..\RunOnce: [d3lc.exe] C:\WINDOWS\d3lc.exe
O4 - HKLM\..\RunOnce: [iphh.exe] C:\WINDOWS\system32\iphh.exe
O4 - HKLM\..\RunOnce: [ntgm.exe] C:\WINDOWS\ntgm.exe
O4 - HKLM\..\RunOnce: [addny.exe] C:\WINDOWS\system32\addny.exe
O4 - HKLM\..\RunOnce: [apiti32.exe] C:\WINDOWS\system32\apiti32.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Kkjem] C:\WINDOWS\System32\ilrkne.exe
O4 - HKCU\..\Run: [\Pribi.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Schakel Labtec Wireless Desktop in.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.skynet.be
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtangent.com/install/jvm/msjavx86_3805.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/legal/x.chm::/load.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Microsoft Interactieve Training\o10c\mitm0026.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.cavello.com/dialxs/plugins/d/1/052/be.exe
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/nike/nikemagiafootball/install.cab
O16 - DPF: {E2BBA7AC-2347-4761-AF7A-0DCA61355D53} - http://www.fairtale.com/dialer/fairtale.cab

 

[gezina]

Daar is een speciaal topic voor. Hier plaatsen, KLIK-->Helpmij tegen spyware offensief deel 7<-- Druk daar op de knop "reageer op bericht" en post je log.

 

[m@rio]

Zie het antwoord van Gezina.

Deze gaat dan ook op slot