spyware troep verwijderen

Winger · 8 okt 2004

Kan je dit even nazien a.u.b

Gescand met adaware.se.

Logfile of HijackThis v1.98.2
Scan saved at 12:42:50, on 8/10/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\INETM\SERVICES.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\WINDOWS SYNCROAD\SYNCROAD.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchportal.info/10040/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F1 - win.ini: run=C:\WINDOWS\INETM\SERVICES.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: (no name) - {FBA06361-186B-11D9-A5BB-00E015CC8373} - C:\WINDOWS\SYSTEM\AKJPF.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Windows SyncroAd] C:\PROGRAM FILES\WINDOWS SYNCROAD\SYNCROAD.EXE
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\INETM\SERVICES.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\INETM\SERVICES.EXE
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\PROGRA~1\Intern~1\Plugins\NPDocBox.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://gamezone.telenet.be/static/ocx/ExentCtl.ocx
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3da80dca2c11:1e8b55ca59297b294d12cbd5372935d8
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O18 - Filter: text/html - {FE832E8F-1923-11D9-A5BB-00E07B67097D} - C:\WINDOWS\SYSTEM\AKJPF.DLL
O18 - Filter: text/plain - {FE832E8F-1923-11D9-A5BB-00E07B67097D} - C:\WINDOWS\SYSTEM\AKJPF.DLL

buffy · 10 okt 2004

Geplaatst door Winger

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchportal.info/10040/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

F1 - win.ini: run=C:\WINDOWS\INETM\SERVICES.EXE

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: (no name) - {FBA06361-186B-11D9-A5BB-00E015CC8373} - C:\WINDOWS\SYSTEM\AKJPF.DLL
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Windows SyncroAd] C:\PROGRAM FILES\WINDOWS SYNCROAD\SYNCROAD.EXE
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\INETM\SERVICES.EXE
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\INETM\SERVICES.EXE
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3da80dca2c11:1e8b55ca59297b294d12cbd5372935d8
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe

O18 - Filter: text/html - {FE832E8F-1923-11D9-A5BB-00E07B67097D} - C:\WINDOWS\SYSTEM\AKJPF.DLL
O18 - Filter: text/plain - {FE832E8F-1923-11D9-A5BB-00E07B67097D} - C:\WINDOWS\SYSTEM\AKJPF.DLL

Een indrukwekkende verzameling spyware en hijackers... Alle stappen zorgvuldig uitvoeren, meteen na elkaar, in deze volgorde:

1. Installeer CWShredder 1.59.1 alvast, maar gebruik het nog niet: http://downloads.subratam.org/CWShredder.exe

2. Ga naar Configuratiescherm -> Software en verwijder daar New.Net, NewDotNet, NewNet Application, NewNet Domains, of hoe het bij jou ook precies heet (in ieder geval iets met "New.net", "NewNet" of "NewDotNet").

3. Scan met HijackThis, vink de bovenstaande items (zie quote) aan, sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

4. Draai nú CWShredder. Gebruik de Fix knop.

5. Herstart de pc in veilige modus.
Mocht je niet weten hoe dat moet, kijk dan hier even: http://www.virushelp.nl/veilige_modus.htm

Zorg ervoor dat verborgen bestanden en mappen worden weergegeven.
Hier kun je lezen hoe dat moet: http://users.telenet.be/marcvn/spyware/1117602.htm

Verwijder nu, in veilige modus dus, de volgende bestanden en mappen (voor zover nog aanwezig):

Deze bestanden:
C:\WINDOWS\SYSTEM\AKJPF.DLL
C:\Recycled\Q330995.exe

Deze mappen:
C:\WINDOWS\INETM
C:\PROGRAM FILES\MYWAY
C:\PROGRAM FILES\WINDOWS SYNCROAD
C:\WINDOWS\SYSTEM\P2P NETWORKING
C:\FREESCAN

6. Herstart de pc in 'normale modus'.

7. Doe nog een volledige scan met AdAware SE.
Start na de scan de pc opnieuw op.

8. Maak een nieuw HijackThis-log en plaats dat hier.

Winger · 11 okt 2004

Hay Buffy.

Hier dan mijn nieuwe log:

Ik ben ondertussen wel veranderd van win98,se naar windows xp.

alles gedaan wat je me opgedragen hebt maar kzit nog met dat vervelende opstartscherm.

Hopelijk kan je der mij vanaf helpen.

Logfile of HijackThis v1.98.2
Scan saved at 19:48:26, on 11/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Documents and Settings\Jef\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pandora.be/zoeken
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pandora.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.pandora.be:8080/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Corel Network monitor worker - {0B4D128E-EEEC-46B7-83E2-E9C251387C7C} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {0B4D128E-EEEC-46B7-83E2-E9C251387C7C} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Corel Network monitor worker - {0B4D128E-EEEC-46B7-83E2-E9C251387C7C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {0B4D128E-EEEC-46B7-83E2-E9C251387C7C} - (no file) (HKCU)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pandora.be
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1097345022515

Gr Jef

buffy · 12 okt 2004

Geplaatst door Winger

O9 - Extra button: Corel Network monitor worker - {0B4D128E-EEEC-46B7-83E2-E9C251387C7C} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {0B4D128E-EEEC-46B7-83E2-E9C251387C7C} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: Corel Network monitor worker - {0B4D128E-EEEC-46B7-83E2-E9C251387C7C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {0B4D128E-EEEC-46B7-83E2-E9C251387C7C} - (no file) (HKCU)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)

1. Scan met HijackThis, vink de bovenstaande items (zie quote) aan, sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

2. Start de pc opnieuw op.

3. Maak een nieuw log en plaats dat hier.

Winger · 12 okt 2004

startscherm

goede morgen.

Ik denk dat ik mischien mijn pc toch maar opnieuw moet formatteren al zou ik het liever zo opgelost zien.
Gisteren wel 3x na elkaar alle bewerkingen gedaan met de gegevens die ik van u gekregen heb maar het vervelende opstartscherm blijft maar komen. Hier het adres. mk

MSITStore:C:\spe\start.chm::/start.html#
OPGELET niet openen a.u.b ge geraakt er niet meer vanaf.

Dit heb ik allemaal gedaan.

1 CWCShredder geinstalleerd
2 in Software Newnet verwijderd, (stond er eingenlijk niet bij)
3 Gescand met Hijack Tis.en ge Fix cheched
4 CWShredder Fix knop gebruikt.
5Herstart in veilige modus.
en alle mappen verwijderd die je aangegeven hebt.
6 Herstart in normale modus.
7 Gescand met adaware se en nogmaals gestart.

Dit heb ik dus 3 maal gedaan en de pc meld bij alles dat hij clien is, maar als ik IEplorer open krijg ik terug het bovenstaande adres.

Ik zal hier mijn laatste log bijplaatsen in de hoop dat je nog wat vind.

Dank bij Voorbaat.

Logfile of HijackThis v1.98.2
Scan saved at 9:34:12, on 12/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jef\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pandora.be/zoeken
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=15&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk

MSITStore:C:\spe\start.chm::/start.html#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pandora.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=15&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk

MSITStore:C:\spe\start.chm::/start.html#
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.pandora.be:8080/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Corel Network monitor worker - {0B4D128E-EEEC-46B7-83E2-E9C251387C7C} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {0B4D128E-EEEC-46B7-83E2-E9C251387C7C} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Corel Network monitor worker - {0B4D128E-EEEC-46B7-83E2-E9C251387C7C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {0B4D128E-EEEC-46B7-83E2-E9C251387C7C} - (no file) (HKCU)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=15&q=
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=15&q=
O13 - Home Prefix: http://www.heretofind.com/show.php?id=15&q=
O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=15&q=
O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=15&q=
O14 - IERESET.INF: START_PAGE_URL=http://www.pandora.be
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1097345022515

buffy · 12 okt 2004

Re: startscherm

Geplaatst door Winger

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=15&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mkMSITStore:C:\spe\start.chm::/start.html#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=15&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mkMSITStore:C:\spe\start.chm::/start.html#

O9 - Extra button: Corel Network monitor worker - {0B4D128E-EEEC-46B7-83E2-E9C251387C7C} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {0B4D128E-EEEC-46B7-83E2-E9C251387C7C} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: Corel Network monitor worker - {0B4D128E-EEEC-46B7-83E2-E9C251387C7C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {0B4D128E-EEEC-46B7-83E2-E9C251387C7C} - (no file) (HKCU)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)

O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=15&q=
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=15&q=
O13 - Home Prefix: http://www.heretofind.com/show.php?id=15&q=
O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=15&q=
O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=15&q=

Goedemorgen Winger,

Ik kan je niet helpen als je op eigen houtje van alles probeert, aangezien ik dan logs te zien krijg die mij geen volledig beeld van de problemen geven. Volg nu dus mijn instructies precies op en ga zelf verder niet experimenteren, okee?

1. Scan met HijackThis, vink de bovenstaande items (zie quote) aan, sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

2. Herstart de pc in veilige modus.

Zorg ervoor dat verborgen bestanden en mappen worden weergegeven.
Hier kun je lezen hoe dat moet: http://users.telenet.be/marcvn/spyware/1117602.htm

Verwijder nu, in veilige modus dus, de volgende map (indien nog aanwezig):

C:\spe <- die map

3. Herstart de pc in 'normale modus'.

4. Maak een nieuw log en plaats dat hier.

Winger · 12 okt 2004

Startscherm

Kzal het niet meer zelf proberen Buffy.

Hier mijn nieuw log.

Bij het opstarten van ieplorer krijg ik nu about blank.

Logfile of HijackThis v1.98.2
Scan saved at 11:32:56, on 12/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jef\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pandora.be/zoeken
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pandora.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.pandora.be:8080/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pandora.be
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1097345022515

buffy · 12 okt 2004

In dit log zijn geen problemen te zien. Krijg je nu een blanco pagina als startpagina, of krijg je "about: blank" in de adresbalk terwijl er een foute zoekpagina verschijnt?

Winger · 12 okt 2004

BEDANKT BUFFY

Ik heb nu in extra, internet optie als opstart Google ingesteld en de pc opnieuw opgestart omdat voordien het opstart scherm dan weer veranderde maar nu is het perfect in orde.

Bedankt nogmaals en sorry dat ik het u zo moeilijk heb gemaakt met zelf wat te proberen.

Jullie zijn fantastisch.

Groeten Jef.

:thumb:

spyware troep verwijderen

Winger

Gebruiker

buffy

Meubilair

Winger

Gebruiker

buffy

Meubilair

Winger

Gebruiker

buffy

Meubilair

Winger

Gebruiker

buffy

Meubilair

Winger

Gebruiker

Nieuwste berichten

Wij waarderen jouw privacy