Leonardo28
Nieuwe gebruiker
- Lid geworden
- 29 mei 2004
- Berichten
- 3
Telkens wanneer ik de explorer opstart verschijnt er zo'n vervelende werkbalk bovenaan. Wanneer ik daar rechts opklik en het vinkje bij de naam TheSearchMall.com Bar weghaal dan verschijnt deze leonardo68@hetnet.nlnieuw de IE starten. Ik heb de PC al gescand met AdAware 6. Deze vond 65 problemen, allemaal verwijderd.
De foutenlog van Hijack valt hieronder. Ik hoop dat jullie kunnen vertellen hoe ik van die troep kan afkomen.
Oh ja de standaard startpagina wil ook nog weleens plotseling veranderen.
Logfile of HijackThis v1.97.7
Scan saved at 23:34:00, on 28-5-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Fast.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\fast.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Express CD-Ejector\CDEjector.exe
C:\PROGRA~1\GADWIN~1\GADWIN~1.6\PRINTS~1.EXE
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\wincmd\WINCMD32.EXE
C:\DOCUME~1\BEB92~1.ROB\LOCALS~1\Temp\$wc\HIJACK~1.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://thesearchmall.com/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.viewpornkey.com/se.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.viewpornkey.com/se.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.viewpornkey.com/se.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.informatique.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.viewpornkey.com/se.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchmall.com/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {0FA33B6C-71BC-69D3-DB7A-472A4D6F3452} - (no file)
O1 - Hosts: 5377608764 spywareforum.com
O1 - Hosts: 5377608764 www.spywareforum.com
O1 - Hosts: 5377608764 forum.spywareinfo.com
O1 - Hosts: 5377608764 nativehardcore.com
O1 - Hosts: 5377608764 www.nativehardcore.com
O1 - Hosts: 5377608764 approvedlinks.com
De foutenlog van Hijack valt hieronder. Ik hoop dat jullie kunnen vertellen hoe ik van die troep kan afkomen.
Oh ja de standaard startpagina wil ook nog weleens plotseling veranderen.
Logfile of HijackThis v1.97.7
Scan saved at 23:34:00, on 28-5-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Fast.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\fast.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Express CD-Ejector\CDEjector.exe
C:\PROGRA~1\GADWIN~1\GADWIN~1.6\PRINTS~1.EXE
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\wincmd\WINCMD32.EXE
C:\DOCUME~1\BEB92~1.ROB\LOCALS~1\Temp\$wc\HIJACK~1.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://thesearchmall.com/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.viewpornkey.com/se.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.viewpornkey.com/se.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.viewpornkey.com/se.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.informatique.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.viewpornkey.com/se.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchmall.com/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {0FA33B6C-71BC-69D3-DB7A-472A4D6F3452} - (no file)
O1 - Hosts: 5377608764 spywareforum.com
O1 - Hosts: 5377608764 www.spywareforum.com
O1 - Hosts: 5377608764 forum.spywareinfo.com
O1 - Hosts: 5377608764 nativehardcore.com
O1 - Hosts: 5377608764 www.nativehardcore.com
O1 - Hosts: 5377608764 approvedlinks.com
sowieso zit er veel rotzooi in, alleen al in dit gedeelte van je log kan het onderste gedeelte haast helemaal weg 
Maar don't worry er bestaan ergere logs
