waar zit dit in mijn register?

clioke · 13 aug 2003

hey

onlangs moest ik ff iets inscannen en heb ik de scanner opnieuw aangesloten.

na veel zoeken een driver voor xp gevonden.

toen het klaar was, probeerde ik de scanner terug te verwijderen.
bij het verwijderen van de software in configuratiescherm kreeg ik een foutmelding en heb ik de software er handmatig via verkenner uitgekegeld.

nu krijg ik bij het opstarten steeds de fout dat hij het programma niet kan laden --> c:\scanner\exe16\am.exe

kan het bestand niet vinden.

waar kan ik deze sleutel uit mijn register halen zodat hij hier niet meer achter gaat zoeken?

alvast bedankt
geert

vaat · 13 aug 2003

post eens een startup log:

http://www.tomcoyote.org/hjt/#startuplist

clioke · 14 aug 2003

damn, wat krij ik allemaal te zien.

dit is wat er verschijnt in de .LOG:

StartupList report, 14/08/2003, 12:04:54
StartupList version: 1.52
Started from : C:\Documents and Settings\Geert\Bureaublad\startuplist\StartupList.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\symlcsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hotbar\bin\4.3.1.0\HbInst.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hotbar\bin\4.3.1.0\HbSrv.exe
C:\Documents and Settings\Geert\Bureaublad\startuplist\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

WinStart001.EXE = C:\WINDOWS\System\WinStart001.EXE -b
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
DU Meter = C:\Program Files\DU Meter\DUMeter.exe
Telemeter 3.0 = "C:\Program Files\Telemeter 3.0\telemeter3.exe"
MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
NAV CfgWiz = C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
Hotbar = C:\Program Files\Hotbar\bin\4.3.1.0\HbInst.exe /Upgrade

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
CheckIT = C:\Program Files\CheckIT\CheckIT.exe
MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=C:\SCANNER\EXE16\AM.EXE
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssmypics.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

BabeIE - C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll (file missing) - {00000000-0000-0000-0000-000000000000}
Hotbar - C:\Program Files\Hotbar\bin\4.3.1.0\HbHostIE.dll - {B195B3B3-8A05-11D3-97A4-0004ACA6948E}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[YExplorer1_8US.CAB]
CODEBASE = http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
OSD = C:\WINDOWS\Downloaded Program Files\YExplorer1_8US.CAB.osd

[Yahoo! Audio Conferencing]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yacscom.dll
CODEBASE = http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab

[Medi@Show Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PresentCtl.dll
CODEBASE = http://users.skynet.be/chriskrol/aweb/MediaShow.cab

[SmartStartCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SMARTS~1.DLL
CODEBASE = https://internetbanking.argenta.be/multisecure/smartstart/Win32/SmartStartCtl.cab

[{7A32634B-029C-4836-A023-528983982A49}]
CODEBASE = http://www.webagent007.org/ocx/msnchat42.cab

[Version Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\Ubizen\SMARTS~1\SMARTS~1.DLL
CODEBASE = https://internetbanking.argenta.be/multisecure/smartstart/Win32/SmartStartSetup.cab

[{9656B666-992F-4D74-8588-8CA69E97D90C}]
CODEBASE = http://www.commonname.com/en/oneclick/uninstbb.cab

[MSN File Upload Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\MsnUpld.dll
CODEBASE = http://sc.communities.msn.com/controls/FileUC/MsnUpld.cab

[{9B4AA442-9EBF-11D5-8C11-0050DA4957F5}]
CODEBASE = http://www.cavello.com/dialxs/plugins/d/4/402/be.exe

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37689.315150463

[IEAnimBehaviorFactory Class]
InProcServer32 = C:\Program Files\Common Files\Microsoft Shared\msorun\MSORUN.DLL
CODEBASE = http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 8.739 bytes
Report generated in 1,212 seconds

vaat · 14 aug 2003

Open start > uitvoeren > regedit [enter]

Ga naar de sleutel >>

HKCU\..\Windows NT\CurrentVersion\Windows: run=C:\SCANNER\EXE16\AM.EXE

verwijder die sleutel met am.exe door in het rechtervenster op de sleutel te selecteren en de DEL knop in de drukken.

Start eens opnieuw op. Krijg je de melding nog ??

Zo niet , post dan nog eens een log .....

Ben voor de rest even in sneltreinvaart door je log gelopen en kom 2 spywareelemeneten tegen. Namelijk:

Hotbar word als spyware gezien:

http://www.safersite.com/pestinfo/H/Hotbar.asp

BabeIE is ook spyware, voor verwijdering zie:
http://www.commonname.com/english/ug/toolbar/default.asp?idx=10#4

Scan is op spyware omet spybot (http://www.safer-networking.org/index.php?lang=en&page=download)

wel eerst op online tab alle updates binnehalen .....

Bennie · 14 aug 2003

Ik zie verder erg veel narigheid staan (Spyware). Download HijackThis (zorg ervoor dat je versie 1.96 hebt). Uitleg en link vind je hier: http://www.tomcoyote.org/hjt/
Unzip en run het. Klik op Scan > Save log en sla het log op als een .txt bestand.
Kopieer en plak de inhoud in je volgende post.

Groetjes,
Bennie

clioke · 14 aug 2003

mja, dat van die spyware...

ik heb hotbar in m'n explorer en outlook staan en dat gebruik ik regelmatig dus dat ga ik toch maar niet verwijderen...

vaat · 14 aug 2003

Geplaatst door clioke
mja, dat van die spyware...

ik heb hotbar in m'n explorer en outlook staan en dat gebruik ik regelmatig dus dat ga ik toch maar niet verwijderen...

dat van die hotbar moet je zelf weten, heb je in ieder geval de link gegegeven. Er zit dus nog meer rotzooi in je pc (o.a. babeIE).

Scan eerst eens met spybot na alle updates gedownload te hebben. En post dan nog eens je hijackthis log ...

Het hoeft allemaal niet, het is aan jou .......

Is de melding bij het opstarten nou al weg (AM.EXE) ??

clioke · 15 aug 2003

ik krijg het niet weg,

ik vind die key niet in m'n register... :-(

en met regcleaner vind ik ook niets.

euhhh, dat van die babeIE wat is dat voor iets?
heb ff spybot laten zoeken en dan krijg ik een HOOP dingen die hij aanvinkt, maar ik zie wel dat er daar coockies tussen zitten die ik dagelijks gebruik, mogen die dan ook weg??

(sorry maar ken echt weinig van zulke dingen...)

clioke · 15 aug 2003

voila, dit is het:

schrik niet van de lijst he...

(er staat ergens iets met F1 voor en dat is al iets van de scanner) en de rest??? god weet wat dat allemaal te betekenen heeft?

Logfile of HijackThis v1.96.0
Scan saved at 16:56:23, on 15/08/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Hotbar\bin\4.3.1.0\HbInst.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Hotbar\bin\4.3.1.0\HbSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Geert\Bureaublad\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ok-search.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ok-search.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ok-search.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ok-search.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ok-search.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = proxy.pandora.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.pandora.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Use Custom Search URL =
F1 - win.ini: run=C:\SCANNER\EXE16\AM.EXE
O1 - Hosts: 66.159.20.52 www1.ndhosting.com
O1 - Hosts: 66.159.20.52 www3.ndhosting.com
O1 - Hosts: 66.159.20.52 www2.ndhosting.com
O1 - Hosts: 66.159.20.52 www.ndhosting.com
O1 - Hosts: 66.159.20.52 www.kinghost.com
O1 - Hosts: 66.159.20.52 kinghost.com
O1 - Hosts: 66.159.20.52 www3.kinghost.com
O1 - Hosts: 66.159.20.52 www4.kinghost.com
O1 - Hosts: 66.159.20.52 www5.kinghost.com
O1 - Hosts: 66.159.20.52 www6.kinghost.com
O1 - Hosts: 66.159.20.52 www7.kinghost.com
O1 - Hosts: 66.159.20.52 www8.kinghost.com
O1 - Hosts: 66.159.20.52 www9.kinghost.com
O1 - Hosts: 66.159.20.52 www10.kinghost.com
O1 - Hosts: 66.159.20.52 www.smutserver.com
O1 - Hosts: 66.159.20.52 smutserver.com
O1 - Hosts: 66.159.20.52 www1.smutserver.com
O1 - Hosts: 66.159.20.52 www2.smutserver.com
O1 - Hosts: 66.159.20.52 www16.smutserver.com
O1 - Hosts: 66.159.20.52 www3.smutserver.com
O1 - Hosts: 66.159.20.52 www4.smutserver.com
O1 - Hosts: 66.159.20.52 www5.smutserver.com
O1 - Hosts: 66.159.20.52 www6.smutserver.com
O1 - Hosts: 66.159.20.52 www7.smutserver.com
O1 - Hosts: 66.159.20.52 www8.smutserver.com
O1 - Hosts: 66.159.20.52 www9.smutserver.com
O1 - Hosts: 66.159.20.52 www10.smutserver.com
O1 - Hosts: 66.159.20.52 www11.smutserver.com
O1 - Hosts: 66.159.20.52 www12.smutserver.com
O1 - Hosts: 66.159.20.52 www13.smutserver.com
O1 - Hosts: 66.159.20.52 www14.smutserver.com
O1 - Hosts: 66.159.20.52 www15.smutserver.com
O1 - Hosts: 66.159.20.52 www17.smutserver.com
O1 - Hosts: 66.159.20.52 www18.smutserver.com
O1 - Hosts: 66.159.20.52 www19.smutserver.com
O1 - Hosts: 66.159.20.52 www20.smutserver.com
O1 - Hosts: 66.159.20.52 www21.smutserver.com
O1 - Hosts: 66.159.20.52 www22.smutserver.com
O1 - Hosts: 66.159.20.52 www23.smutserver.com
O1 - Hosts: 66.159.20.52 www24.smutserver.com
O1 - Hosts: 66.159.20.52 www25.smutserver.com
O1 - Hosts: 66.159.20.52 www26.smutserver.com
O1 - Hosts: 66.159.20.52 www27.smutserver.com
O1 - Hosts: 66.159.20.52 www28.smutserver.com
O1 - Hosts: 66.159.20.52 www29.smutserver.com
O1 - Hosts: 66.159.20.52 www30.smutserver.com
O1 - Hosts: 66.159.20.52 www31.smutserver.com
O1 - Hosts: 66.159.20.52 www32.smutserver.com
O1 - Hosts: 66.159.20.52 agreathost.net
O1 - Hosts: 66.159.20.52 www.agreathost.net
O1 - Hosts: 66.159.20.52 hotfreehost.com
O1 - Hosts: 66.159.20.52 www.hotfreehost.com
O1 - Hosts: 66.159.20.52 greatfreehost.com
O1 - Hosts: 66.159.20.52 www.greatfreehost.com
O1 - Hosts: 66.159.20.52 freesmutpages.com
O1 - Hosts: 66.159.20.52 www.freesmutpages.com
O1 - Hosts: 66.159.20.52 apornhost.com
O1 - Hosts: 66.159.20.52 www.apornhost.com
O1 - Hosts: 66.159.20.52 nasty-pages.com
O1 - Hosts: 66.159.20.52 www.nasty-pages.com
O1 - Hosts: 66.159.20.52 sexyfreehost.com
O1 - Hosts: 66.159.20.52 www.sexyfreehost.com
O1 - Hosts: 66.159.20.52 x4web.com
O1 - Hosts: 66.159.20.52 www.x4web.com
O1 - Hosts: 66.159.20.52 sexplanets.com
O1 - Hosts: 66.159.20.52 www.sexplanets.com
O1 - Hosts: 66.159.20.52 maxismut.com
O1 - Hosts: 66.159.20.52 www.maxismut.com
O1 - Hosts: 66.159.20.52 tgpfriendly.com
O1 - Hosts: 66.159.20.52 www.tgpfriendly.com
O1 - Hosts: 66.159.20.52 tgp-server.com
O1 - Hosts: 66.159.20.52 www.tgp-server.com
O1 - Hosts: 66.159.20.52 magnaplza.com
O1 - Hosts: 66.159.20.52 www.magnaplza.com
O1 - Hosts: 66.159.20.52 free-xxx-server.com
O1 - Hosts: 66.159.20.52 www.free-xxx-server.com
O1 - Hosts: 66.159.20.52 libereco.net
O1 - Hosts: 66.159.20.52 www.libereco.net
O1 - Hosts: 66.159.20.52 0190-dialer.com
O1 - Hosts: 66.159.20.52 www.0190-dialer.com
O1 - Hosts: 66.159.20.52 xxxod.net
O1 - Hosts: 66.159.20.52 www.xxxod.net
O1 - Hosts: 66.159.20.52 altsights.com
O1 - Hosts: 66.159.20.52 www.altsights.com
O1 - Hosts: 66.159.20.52 adulthosting.com
O1 - Hosts: 66.159.20.52 www.adulthosting.com
O1 - Hosts: 66.159.20.52 superhova.com
O1 - Hosts: 66.159.20.52 www.superhova.com
O1 - Hosts: 66.159.20.52 bestpornhost.com
O1 - Hosts: 66.159.20.52 www.bestpornhost.com
O1 - Hosts: 66.159.20.52 hostingfree.com
O1 - Hosts: 66.159.20.52 www.hostingfree.com
O1 - Hosts: 66.159.20.52 xfreehosting.com
O1 - Hosts: 66.159.20.52 www.xfreehosting.com
O1 - Hosts: 66.159.20.52 blinghosting.com
O1 - Hosts: 66.159.20.52 www.blinghosting.com
O1 - Hosts: 66.159.20.52 x-x-x-hosting.com
O1 - Hosts: 66.159.20.52 www.x-x-x-hosting.com
O1 - Hosts: 66.159.20.52 pornparks.com
O1 - Hosts: 66.159.20.52 www.pornparks.com
O1 - Hosts: 66.159.20.52 sexls.com
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll (file missing)
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.1.0\HbHostIE.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.1.0\HbHostIE.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINDOWS\System\WinStart001.EXE -b
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.1.0\HbInst.exe /Upgrade
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CheckIT] C:\Program Files\CheckIT\CheckIT.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .ssc: C:\WINDOWS\Downloaded Program Files\Ubizen\SmartStart\NPSmartStart32.dll
O16 - DPF: FortisCzPc - https://www.fortisbanking.be/FortisCzPC.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {5DBF08EF-4BDE-11D3-B8E4-0080C84E9C66} (Medi@Show Control) - http://users.skynet.be/chriskrol/aweb/MediaShow.cab
O16 - DPF: {660B74E4-4E01-43DE-BB13-2BA2D643C05A} (SmartStartCtl Class) - https://internetbanking.argenta.be/multisecure/smartstart/Win32/SmartStartCtl.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://www.webagent007.org/ocx/msnchat42.cab
O16 - DPF: {94B964F0-45CC-11D4-9F1D-0060085C7782} (Version Class) - https://internetbanking.argenta.be/multisecure/smartstart/Win32/SmartStartSetup.cab
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} - http://www.commonname.com/en/oneclick/uninstbb.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.communities.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.cavello.com/dialxs/plugins/d/4/402/be.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37689.315150463
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

alvast bedankt voor de hulp(aan een NB)

clioke · 15 aug 2003

enneuhhhh, ik ben geen maniak hoor...

was enkel een tijdje op zoek naar een welbepaald programma dat ik nergens kon vinden, van daar al dat sexgedoe denk ik... :-(

vaat · 15 aug 2003

zal straks even kijken. Ben nu even druk .....

ps zie al wel die em.exe (F1 - win.ini: run=C:\SCANNER\EXE16\AM.EXE ). Die kan je al fixen. De melding moet dan weg zijn ..

Overigens zit er zeker wel wat rotzooi in je pc, maar daar kom ik zo op terug ......

Pieter Arntz · 16 aug 2003

Hoi clioke,

Vink de onderstaand dingen aan in HIjackThis, sluit dan alle vensters behalve HijackThis en klik op Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ok-search.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ok-search.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ok-search.com/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ok-search.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ok-search.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Use Custom Search URL =
F1 - win.ini: run=C:\SCANNER\EXE16\AM.EXE
O1 - Hosts: 66.159.20.52 www1.ndhosting.com
O1 - Hosts: 66.159.20.52 www3.ndhosting.com
O1 - Hosts: 66.159.20.52 www2.ndhosting.com
O1 - Hosts: 66.159.20.52 www.ndhosting.com
O1 - Hosts: 66.159.20.52 www.kinghost.com
O1 - Hosts: 66.159.20.52 kinghost.com
O1 - Hosts: 66.159.20.52 www3.kinghost.com
O1 - Hosts: 66.159.20.52 www4.kinghost.com
O1 - Hosts: 66.159.20.52 www5.kinghost.com
O1 - Hosts: 66.159.20.52 www6.kinghost.com
O1 - Hosts: 66.159.20.52 www7.kinghost.com
O1 - Hosts: 66.159.20.52 www8.kinghost.com
O1 - Hosts: 66.159.20.52 www9.kinghost.com
O1 - Hosts: 66.159.20.52 www10.kinghost.com
O1 - Hosts: 66.159.20.52 www.smutserver.com
O1 - Hosts: 66.159.20.52 smutserver.com
O1 - Hosts: 66.159.20.52 www1.smutserver.com
O1 - Hosts: 66.159.20.52 www2.smutserver.com
O1 - Hosts: 66.159.20.52 www16.smutserver.com
O1 - Hosts: 66.159.20.52 www3.smutserver.com
O1 - Hosts: 66.159.20.52 www4.smutserver.com
O1 - Hosts: 66.159.20.52 www5.smutserver.com
O1 - Hosts: 66.159.20.52 www6.smutserver.com
O1 - Hosts: 66.159.20.52 www7.smutserver.com
O1 - Hosts: 66.159.20.52 www8.smutserver.com
O1 - Hosts: 66.159.20.52 www9.smutserver.com
O1 - Hosts: 66.159.20.52 www10.smutserver.com
O1 - Hosts: 66.159.20.52 www11.smutserver.com
O1 - Hosts: 66.159.20.52 www12.smutserver.com
O1 - Hosts: 66.159.20.52 www13.smutserver.com
O1 - Hosts: 66.159.20.52 www14.smutserver.com
O1 - Hosts: 66.159.20.52 www15.smutserver.com
O1 - Hosts: 66.159.20.52 www17.smutserver.com
O1 - Hosts: 66.159.20.52 www18.smutserver.com
O1 - Hosts: 66.159.20.52 www19.smutserver.com
O1 - Hosts: 66.159.20.52 www20.smutserver.com
O1 - Hosts: 66.159.20.52 www21.smutserver.com
O1 - Hosts: 66.159.20.52 www22.smutserver.com
O1 - Hosts: 66.159.20.52 www23.smutserver.com
O1 - Hosts: 66.159.20.52 www24.smutserver.com
O1 - Hosts: 66.159.20.52 www25.smutserver.com
O1 - Hosts: 66.159.20.52 www26.smutserver.com
O1 - Hosts: 66.159.20.52 www27.smutserver.com
O1 - Hosts: 66.159.20.52 www28.smutserver.com
O1 - Hosts: 66.159.20.52 www29.smutserver.com
O1 - Hosts: 66.159.20.52 www30.smutserver.com
O1 - Hosts: 66.159.20.52 www31.smutserver.com
O1 - Hosts: 66.159.20.52 www32.smutserver.com
O1 - Hosts: 66.159.20.52 agreathost.net
O1 - Hosts: 66.159.20.52 www.agreathost.net
O1 - Hosts: 66.159.20.52 hotfreehost.com
O1 - Hosts: 66.159.20.52 www.hotfreehost.com
O1 - Hosts: 66.159.20.52 greatfreehost.com
O1 - Hosts: 66.159.20.52 www.greatfreehost.com
O1 - Hosts: 66.159.20.52 freesmutpages.com
O1 - Hosts: 66.159.20.52 www.freesmutpages.com
O1 - Hosts: 66.159.20.52 apornhost.com
O1 - Hosts: 66.159.20.52 www.apornhost.com
O1 - Hosts: 66.159.20.52 nasty-pages.com
O1 - Hosts: 66.159.20.52 www.nasty-pages.com
O1 - Hosts: 66.159.20.52 sexyfreehost.com
O1 - Hosts: 66.159.20.52 www.sexyfreehost.com
O1 - Hosts: 66.159.20.52 x4web.com
O1 - Hosts: 66.159.20.52 www.x4web.com
O1 - Hosts: 66.159.20.52 sexplanets.com
O1 - Hosts: 66.159.20.52 www.sexplanets.com
O1 - Hosts: 66.159.20.52 maxismut.com
O1 - Hosts: 66.159.20.52 www.maxismut.com
O1 - Hosts: 66.159.20.52 tgpfriendly.com
O1 - Hosts: 66.159.20.52 www.tgpfriendly.com
O1 - Hosts: 66.159.20.52 tgp-server.com
O1 - Hosts: 66.159.20.52 www.tgp-server.com
O1 - Hosts: 66.159.20.52 magnaplza.com
O1 - Hosts: 66.159.20.52 www.magnaplza.com
O1 - Hosts: 66.159.20.52 free-xxx-server.com
O1 - Hosts: 66.159.20.52 www.free-xxx-server.com
O1 - Hosts: 66.159.20.52 libereco.net
O1 - Hosts: 66.159.20.52 www.libereco.net
O1 - Hosts: 66.159.20.52 0190-dialer.com
O1 - Hosts: 66.159.20.52 www.0190-dialer.com
O1 - Hosts: 66.159.20.52 xxxod.net
O1 - Hosts: 66.159.20.52 www.xxxod.net
O1 - Hosts: 66.159.20.52 altsights.com
O1 - Hosts: 66.159.20.52 www.altsights.com
O1 - Hosts: 66.159.20.52 adulthosting.com
O1 - Hosts: 66.159.20.52 www.adulthosting.com
O1 - Hosts: 66.159.20.52 superhova.com
O1 - Hosts: 66.159.20.52 www.superhova.com
O1 - Hosts: 66.159.20.52 bestpornhost.com
O1 - Hosts: 66.159.20.52 www.bestpornhost.com
O1 - Hosts: 66.159.20.52 hostingfree.com
O1 - Hosts: 66.159.20.52 www.hostingfree.com
O1 - Hosts: 66.159.20.52 xfreehosting.com
O1 - Hosts: 66.159.20.52 www.xfreehosting.com
O1 - Hosts: 66.159.20.52 blinghosting.com
O1 - Hosts: 66.159.20.52 www.blinghosting.com
O1 - Hosts: 66.159.20.52 x-x-x-hosting.com
O1 - Hosts: 66.159.20.52 www.x-x-x-hosting.com
O1 - Hosts: 66.159.20.52 pornparks.com
O1 - Hosts: 66.159.20.52 www.pornparks.com
O1 - Hosts: 66.159.20.52 sexls.com
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\Toolbar\cnbabe.dll (file missing)
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.1.0\HbHostIE.dll

O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.1.0\HbHostIE.dll

O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINDOWS\System\WinStart001.EXE -b

O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.1.0\HbInst.exe /Upgrade

O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} - http://www.commonname.com/en/oneclick/uninstbb.cab

O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.cavello.com/dialxs/plugins/d/4/402/be.exe

Start dan opnieuw op en laat Spybot S&D alles dat het in rood aangeeft verwijderen.

Meer info over Hotbar: http://www.doxdesk.com/parasite/HotBar.html
Alternatief: http://fredscorner.ezthemes.com/pcenhance/ie/main.phtml

Groetjes,

Pieter

clioke · 17 aug 2003

eindelijk,

ik heb het gedeelte van win.ini c:\scanner.... verwijderd en nu is het ok.

in ieder geval ook bedankt voor alle andere tips.

waar zit dit in mijn register?

clioke

Gebruiker

vaat

Terugkerende gebruiker

clioke

Gebruiker

vaat

Terugkerende gebruiker

Bennie

Giga Honourable Senior Member †

clioke

Gebruiker

vaat

Terugkerende gebruiker

clioke

Gebruiker

clioke

Gebruiker

clioke

Gebruiker

vaat

Terugkerende gebruiker

Pieter Arntz

Spywareslayer

clioke

Gebruiker

Nieuwste berichten

Wij waarderen jouw privacy