Whats up

[oossie]

Mijn startpagina van IE verandert steeds naar tjem.com
in het register alle verwijzingen eruit gesloopt, IE werkt dan weer, maar na een systeemstart, heb ik weer die !@$#$#@% startpagina, Gescand met trojan hunter en met spybot, ook norton systemworks kan niets vinden.

Wie o wie kan mij op het spoor brengen, waar ik dit probleem moet oplossen ?

groeten Oossie

 

[ojan]

Effe scannen met ad-aware...

 

[Elisa]

Beter nog met Spybot Search and destroy
AdAware werkt al een tijdje niet meer bij.

 

[Kleinkramer]

Het is LOP: http://www.doxdesk.com/parasite/lop.html

SpyBot zou moeten werken, mits ALLE updates geinstalleerd zijn.
Lop detectie moet helaas wekelijks geupdate worden.

Ad-Aware 6.0 doet 't ook, maar die is pas vanaf woensdag als freeware te krijgen.

Handmatig krijgen we hem ook redelijk makkelijk weg, maar probeer eerst SpyBot.

 

[Elisa]

Is dat dan de versie waar we zo lang op moesten wachten zonder ref.files?
Goed dat ik het weet. Vond het altijd heel betrouwbaar.

 

[Kleinkramer]

Klopt.

De Plus en Pro versies zijn al een dag of tien te krijgen, en de freeware versie dus vanaf woensdag.

Ze hebben nog een hoop in te halen ten opzichte van SpyBot, maar ze doen hun best.

 

[Elisa]

Dat is morgen mijn eerste klusje
Bedankt voor de tip!

 

[Kleinkramer]

Graag gedaan!

Je vindt hier ook nog 2 uitgebreide threads over het onderwerp.

Groetjes,

 

[Elisa]

Kleinkramer: Ik denk dat we Ad-Aware nu écht beter kunnen vergeten

Dus toch niet helemaal

 

[Kleinkramer]

Toen wél...

En nu is er nóg genoeg waar ze bij Lavasoft nog niet aan zijn toegekomen, maar dat komt gegarandeerd vroeg of laat wel.

 

[oossie]

spybot

heb spybot gedraaid, kreeg deze lijst
--- Search result list ---

--- Spybot-S&D version: 1.1 rel 4 ---
2003-01-01 Includes\Browserpages.tnfo
2003-01-30 Includes\CLSIDs.tnfo
2002-11-11 Includes\Cookies.Deutsch.nfo
2002-11-11 Includes\Cookies.Espanol.nfo
2002-11-11 Includes\Cookies.Italiano.nfo
2002-11-11 Includes\Cookies.Lietuviu.nfo
2003-01-01 Includes\Cookies.nfo
2003-01-29 Includes\Cookies.sbb
2003-01-29 Includes\Cookies.sbi
2003-01-29 Includes\Cookies.sbs
2002-11-11 Includes\Dialer.Deutsch.nfo
2002-11-11 Includes\Dialer.Italiano.nfo
2002-11-11 Includes\Dialer.Lietuviu.nfo
2003-01-01 Includes\Dialer.nfo
2003-01-29 Includes\Dialer.sbi
2003-01-01 Includes\Dialer.sbs
2002-11-11 Includes\Hijackers.Deutsch.nfo
2002-11-11 Includes\Hijackers.Espanol.nfo
2002-11-11 Includes\Hijackers.Italiano.nfo
2002-11-11 Includes\Hijackers.Lietuviu.nfo
2003-01-01 Includes\Hijackers.nfo
2003-02-02 Includes\Hijackers.sbi
2002-11-16 Includes\Hosts.sbs
2002-11-11 Includes\Keyloggers.Deutsch.nfo
2002-11-11 Includes\Keyloggers.Espanol.nfo
2002-11-11 Includes\Keyloggers.Italiano.nfo
2002-11-11 Includes\Keyloggers.Lietuviu.nfo
2003-01-01 Includes\Keyloggers.nfo
2003-01-28 Includes\Keyloggers.sbi
2003-01-01 Includes\Logs.uts
2002-11-11 Includes\Malware.Deutsch.nfo
2002-11-11 Includes\Malware.Espanol.nfo
2002-11-11 Includes\Malware.Italiano.nfo
2002-11-11 Includes\Malware.Lietuviu.nfo
2003-01-30 Includes\Malware.nfo
2003-01-30 Includes\Malware.sbi
2003-01-01 Includes\plugin-ignore.ini
2003-01-01 Includes\Searchpages.tnfo
2002-11-11 Includes\Security.Deutsch.nfo
2002-11-11 Includes\Security.Espanol.nfo
2002-11-11 Includes\Security.Italiano.nfo
2002-11-11 Includes\Security.Lietuviu.nfo
2003-01-01 Includes\Security.nfo
2003-01-01 Includes\Security.sbi
2002-11-11 Includes\Spybots.Deutsch.nfo
2002-11-11 Includes\Spybots.Espanol.nfo
2002-11-11 Includes\Spybots.Italiano.nfo
2002-11-11 Includes\Spybots.Lietuviu.nfo
2003-01-27 Includes\Spybots.nfo
2003-01-30 Includes\Spybots.sbi
2002-11-11 Includes\Tracks.Deutsch.nfo
2002-11-11 Includes\Tracks.Espanol.nfo
2002-11-11 Includes\Tracks.Italiano.nfo
2002-11-11 Includes\Tracks.Lietuviu.nfo
2003-01-01 Includes\Tracks.nfo
2003-01-30 Includes\Tracks.uti
2002-11-11 Includes\Trojans.Deutsch.nfo
2002-11-11 Includes\Trojans.Espanol.nfo
2002-11-11 Includes\Trojans.Italiano.nfo
2002-11-11 Includes\Trojans.Lietuviu.nfo
2003-01-01 Includes\Trojans.nfo
2003-01-29 Includes\Trojans.sbi
2003-01-27 Includes\URL-Blacklist.sbs


--- System information ---
Windows XP (Build: 2600) Service Pack 1
/ Windows XP / SP1: Windows XP Service Pack 1
/ Windows XP / SP2: Windows XP Hotfix-pakket (Zie Q323255 voor meer informatie)
/ Windows XP / SP2: Windows XP Hotfix (SP2), Q328310
/ Windows XP / SP2: Windows XP Hotfix-pakket (Zie Q329048 voor meer informatie)
/ Windows XP / SP2: Windows XP Hotfix-pakket (Zie Q329115 voor meer informatie)
/ Windows XP / SP2: Windows XP Hotfix (SP2), Q329170
/ Windows XP / SP2: Windows XP Hotfix-pakket (Zie Q329390 voor meer informatie)
/ Windows XP / SP2: Windows XP Hotfix-pakket (Zie Q329834 voor meer informatie)
/ Windows XP / SP2: Windows XP Hotfix (SP2), Q810565
/ Windows XP / SP2: Windows XP Hotfix (SP2), Q810833


--- Startup entries list ---
Spybot-S&D Startup list report, 4-2-2003 0:57:44

Located: HK_CU:Run, CTFMON.EXE
file: C:\WINDOWS\System32\ctfmon.exe
MD5: BC69FEECC644021E56745C2E10C49EF2

Located: HK_CU:Run, MSMSGS
file: "C:\Program Files\Messenger\msmsgs.exe" /background

Located: HK_CU:Run, LDM
file: \Program\BackWeb-8876480.exe

Located: HK_LM:Run, C-Media Mixer
file: Mixer.exe /startup

Located: HK_LM:Run, NAV Agent
file: C:\PROGRA~1\NORTON~1\navapw32.exe
MD5: 44A716C6EDA439A804C2833E0C16DA82

Located: HK_LM:Run, iamapp
file: C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
MD5: F3FED0A68D8E2ECF261079B8842BE596

Located: HK_LM:Run, CloneCDElbyCDFL
file: "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

Located: HK_LM:Run, CloneCDTray
file: "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

Located: HK_LM:Run, zBrowser Launcher
file: C:\Program Files\Logitech\iTouch\iTouch.exe
MD5: 5A24096190D68FDBC193229A6AD99896

Located: HK_LM:Run, EM_EXEC
file: C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
MD5: BCDBCD110DAE1ABCA8F3787C8FCD3166

Located: HK_LM:Run, thbrquea
file: C:\DOCUME~1\Charles\APPLIC~1\blgloosf.exe -QuieT

Located: HK_LM:Run, THGuard
file: "C:\Program Files\TrojanHunter 2.5\TH_Guard.exe"

Located: Startup (common), Logitech Desktop Messenger.lnk
file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
MD5: 91291CA1490F952D977618544D540B87

Located: Startup (common), Norton System Doctor.lnk
file: C:\Program Files\Norton Utilities\SYSDOC32.EXE
MD5: 56A05AC436A98EAD93CC9924CB8E0F78

Located: Startup (common), WinZip Quick Pick.lnk
file: C:\Program Files\WinZip\WZQKPICK.EXE
MD5: 2FE253973433442C2CB234FB2BC4BF29



--- Browser helper object list ---
Spybot-S&D Browser helper object report, 4-2-2003 0:57:44

{5a7698f0-1e1a-4f5b-bca1-0b35c2ccb1a8}
Class file: ceawprbrquly.dll
Attributes: archive
Date: 2-2-2003 23:40:56
MD5: 9B4CF91CB90A00EBAE2798EE89AFE58E
Path: C:\DOCUME~1\Charles\APPLIC~1\
Short name: CEAWPR~1.DLL
Size: 98304 bytes
Version: 255.255.255.255
Class name: cicgwqyfrmiiztzmrdec

{BDF3E430-B101-42AD-A544-FADC6B084872}
Class file: NavShExt.dll
Attributes: archive
Date: 20-3-2002 10:00:40
MD5: 2EAB9D2A0AFE9BE089924458522CDF93
Path: C:\Program Files\Norton AntiVirus\
Short name:
Size: 102400 bytes
Version: 0.8.0.0
Class name: CNavExtBho Class
CLSID database: legitimate software
Description: Norton Antivirus
Filename: NavShExt.dll
Name: NAV Helper


--- ActiveX list ---
Spybot-S&D ActiveX report, 4-2-2003 0:57:44

Microsoft XML Parser for Java
Download location: file://C:\WINDOWS\Java\classes\xmldso.cab
Name: Microsoft XML Parser for Java
Version: 1,0,9,2

{9F1C11AA-197B-4942-BA54-47A8489BB47F}
Class file: iuctl.dll
Attributes: archive
Date: 15-1-2003 17:15:10
MD5: B3BF89D8C625E9AC5F43F78BE6545B81
Path: C:\WINDOWS\System32\
Short name:
Size: 101496 bytes
Version: 0.5.0.4
Class name: Update Class
CLSID database: legitimate software
Description: Windows Update
Filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
Contains file: iuctl.dll
Attributes: archive
Date: 15-1-2003 17:15:10
MD5: B3BF89D8C625E9AC5F43F78BE6545B81
Path: C:\WINDOWS\System32\
Short name:
Size: 101496 bytes
Version: 0.5.0.4
Contains file: iuengine.dll
Attributes: archive
Date: 15-1-2003 17:15:12
MD5: 093EDE3A3EBB452F655C8C3822148D1A
Path: C:\WINDOWS\System32\
Short name:
Size: 182904 bytes
Version: 0.5.0.4
Download location: http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37652.7344560185
Last modified: Wed, 29 Jan 2003 17:28:45 GMT
Version: 5,4,3630,2550


--- Process list ---
Spybot-S&D process list report, 4-2-2003 0:57:44

PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 340 ( 4) \SystemRoot\System32\smss.exe
PID: 400 ( 340) csrss.exe
PID: 544 ( 340) \??\C:\WINDOWS\system32\winlogon.exe
PID: 588 ( 544) C:\WINDOWS\system32\services.exe
PID: 600 ( 544) C:\WINDOWS\system32\lsass.exe
PID: 636 (1208) C:\DOCUME~1\Charles\APPLIC~1\blgloosf.exe
PID: 716 (1208) C:\Program Files\Messenger\msmsgs.exe
PID: 772 ( 588) C:\WINDOWS\system32\svchost.exe
PID: 816 (1208) C:\WINDOWS\Mixer.exe
PID: 820 ( 588) C:\WINDOWS\System32\svchost.exe
PID: 852 (1208) C:\PROGRA~1\NORTON~1\navapw32.exe
PID: 872 (1208) C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
PID: 916 ( 588) svchost.exe
PID: 924 (1208) C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
PID: 944 (1208) C:\Program Files\Logitech\iTouch\iTouch.exe
PID: 960 ( 588) svchost.exe
PID: 988 (1208) C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
PID: 1148 (1208) C:\Program Files\Norton Utilities\SYSDOC32.EXE
PID: 1208 (1180) C:\WINDOWS\Explorer.EXE
PID: 1236 ( 588) C:\WINDOWS\system32\spoolsv.exe
PID: 1332 (1208) C:\Program Files\TrojanHunter 2.5\TH_Guard.exe
PID: 1364 (1208) C:\WINDOWS\System32\ctfmon.exe
PID: 1432 ( 636) C:\DOCUME~1\Charles\LOCALS~1\Temp\deo1.exe
PID: 1564 ( 588) C:\Program Files\Norton AntiVirus\navapsvc.exe
PID: 1588 ( 588) C:\Program Files\Norton Personal Firewall\NISUM.EXE
PID: 1616 ( 588) C:\Program Files\Norton Utilities\NPROTECT.EXE
PID: 1632 (3696) C:\PROGRA~1\WINZIP\wzqkpick.exe
PID: 1748 ( 924) C:\Program Files\Norton Personal Firewall\ATRACK.EXE
PID: 1752 ( 588) C:\Program Files\Speed Disk\nopdb.exe
PID: 1772 ( 588) C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
PID: 1856 ( 588) C:\Program Files\Norton Personal Firewall\NISSERV.EXE
PID: 2344 ( 588) C:\WINDOWS\System32\svchost.exe
PID: 2540 (1208) C:\Program Files\Spybot - Search & Destroy 1.1\SpybotSD.exe
PID: 2872 (1208) C:\Program Files\Lavasoft Ad-Aware\Ad-aware.exe
PID: 3148 (1208) C:\WINDOWS\system32\ntvdm.exe
PID: 3628 (1208) C:\Program Files\Internet Explorer\iexplore.exe


--- Browser start & search pages list ---
Spybot-S&D browser pages report, 4-2-2003 0:57:44

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://tjem.com/passthrough/index.html?about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

en nu ?

 

[Kleinkramer]

Dat is de verkeerde lijst.

Dat zijn niet de scanresultaten, maar je opstartprogramma's, lopende taken, en meer van dat moois.

Doe dit:

Eerst klik je links op Online, dan "Search For Updates", en vervolgens alle updates aanvinken en downloaden ( 'download updates').

Nu Internet Explorer afsluiten.

Daarna in SpyBot links bij 'Settings' (Instellingen) > File Sets, 'System Internals' en 'Tracks' uitvinken.
Die zijn voor dit doel onnodig, en daar kun je altijd later mee experimenteren.

Vervolgens klik je linksonder op "check for problems", laat scannen, en laat SB tenslotte ALLES verwijderen.

Het programma maakt automatisch backups aan..

Vervolgens even opnieuw opstarten.

Succes,

 

[Kleinkramer]

Ik zie onder je BHOs overigens al de LOP BHO: ceawprbrquly.dll

Doe het gewoon zoals ik net uitlegde, en het kan niet mis gaan.

 

[oossie]

Ton

Bedoel je deze lijst ?
C2.lop: IE Start page (Register-verandering.)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page=about:blank

Common Dialogs: History( (6 files)) (Register sleutel)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Internet Explorer: Cookies( (22 cookies)) (Directory)
C:\Documents and Settings\Charles\Cookies

Internet Explorer: Temporary internet files( (475 entries)) (Lege cache)

Log: Activity: imsins.log (Backup bestand)
C:\WINDOWS\imsins.log

Log: Activity: OEWABLog.txt (Backup bestand)
C:\WINDOWS\OEWABLog.txt

Log: Activity: SchedLgU.Txt (Backup bestand)
C:\WINDOWS\SchedLgU.Txt

Log: Install: comsetup.log (Backup bestand)
C:\WINDOWS\comsetup.log

Log: Install: DtcInstall.log (Backup bestand)
C:\WINDOWS\DtcInstall.log

Log: Install: ocgen.log (Backup bestand)
C:\WINDOWS\ocgen.log

Log: Install: setupact.log (Backup bestand)
C:\WINDOWS\setupact.log

Log: Install: setupapi.log (Backup bestand)
C:\WINDOWS\setupapi.log

Log: Install: setuplog.txt (Backup bestand)
C:\WINDOWS\setuplog.txt

Log: Install: svcpack.log (Backup bestand)
C:\WINDOWS\svcpack.log

Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup bestand)
C:\WINDOWS\System32\wbem\logs\mofcomp.log

Log: Shutdown: System32\wbem\logs\setup.log (Backup bestand)
C:\WINDOWS\System32\wbem\logs\setup.log

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup bestand)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup bestand)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup bestand)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup bestand)
C:\WINDOWS\System32\wbem\logs\winmgmt.log

Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup bestand)
C:\WINDOWS\System32\wbem\logs\wmiadap.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup bestand)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Windows Explorer: Program run history( (2 entries)) (Register sleutel)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: Recently opened files( (17 links)) (Directory)
C:\Documents and Settings\Charles\Onlangs geopend


--- Spybot-S&D version: 1.1 rel 4 ---
2003-01-01 Includes\Browserpages.tnfo
2003-01-30 Includes\CLSIDs.tnfo
2002-11-11 Includes\Cookies.Deutsch.nfo
2002-11-11 Includes\Cookies.Espanol.nfo
2002-11-11 Includes\Cookies.Italiano.nfo
2002-11-11 Includes\Cookies.Lietuviu.nfo
2003-01-01 Includes\Cookies.nfo
2003-01-29 Includes\Cookies.sbb
2003-01-29 Includes\Cookies.sbi
2003-01-29 Includes\Cookies.sbs
2002-11-11 Includes\Dialer.Deutsch.nfo
2002-11-11 Includes\Dialer.Italiano.nfo
2002-11-11 Includes\Dialer.Lietuviu.nfo
2003-01-01 Includes\Dialer.nfo
2003-01-29 Includes\Dialer.sbi
2003-01-01 Includes\Dialer.sbs
2002-11-11 Includes\Hijackers.Deutsch.nfo
2002-11-11 Includes\Hijackers.Espanol.nfo
2002-11-11 Includes\Hijackers.Italiano.nfo
2002-11-11 Includes\Hijackers.Lietuviu.nfo
2003-01-01 Includes\Hijackers.nfo
2003-02-02 Includes\Hijackers.sbi
2002-11-16 Includes\Hosts.sbs
2002-11-11 Includes\Keyloggers.Deutsch.nfo
2002-11-11 Includes\Keyloggers.Espanol.nfo
2002-11-11 Includes\Keyloggers.Italiano.nfo
2002-11-11 Includes\Keyloggers.Lietuviu.nfo
2003-01-01 Includes\Keyloggers.nfo
2003-01-28 Includes\Keyloggers.sbi
2003-01-01 Includes\Logs.uts
2002-11-11 Includes\Malware.Deutsch.nfo
2002-11-11 Includes\Malware.Espanol.nfo
2002-11-11 Includes\Malware.Italiano.nfo
2002-11-11 Includes\Malware.Lietuviu.nfo
2003-01-30 Includes\Malware.nfo
2003-01-30 Includes\Malware.sbi
2003-01-01 Includes\plugin-ignore.ini
2003-01-01 Includes\Searchpages.tnfo
2002-11-11 Includes\Security.Deutsch.nfo
2002-11-11 Includes\Security.Espanol.nfo
2002-11-11 Includes\Security.Italiano.nfo
2002-11-11 Includes\Security.Lietuviu.nfo
2003-01-01 Includes\Security.nfo
2003-01-01 Includes\Security.sbi
2002-11-11 Includes\Spybots.Deutsch.nfo
2002-11-11 Includes\Spybots.Espanol.nfo
2002-11-11 Includes\Spybots.Italiano.nfo
2002-11-11 Includes\Spybots.Lietuviu.nfo
2003-01-27 Includes\Spybots.nfo
2003-01-30 Includes\Spybots.sbi
2002-12-09 Includes\Startup.tnfo
2002-11-11 Includes\Tracks.Deutsch.nfo
2002-11-11 Includes\Tracks.Espanol.nfo
2002-11-11 Includes\Tracks.Italiano.nfo
2002-11-11 Includes\Tracks.Lietuviu.nfo
2003-01-01 Includes\Tracks.nfo
2003-01-30 Includes\Tracks.uti
2002-11-11 Includes\Trojans.Deutsch.nfo
2002-11-11 Includes\Trojans.Espanol.nfo
2002-11-11 Includes\Trojans.Italiano.nfo
2002-11-11 Includes\Trojans.Lietuviu.nfo
2003-01-01 Includes\Trojans.nfo
2003-01-29 Includes\Trojans.sbi
2003-01-27 Includes\URL-Blacklist.sbs

maar ik kan hier verder niks mee, alleen probleem repareren, maar dat lost het probleem niet op,
iig bedankt voor het meedenken


groeten

Charles

 

[Kleinkramer]

Je doet iets niet helemaal goed.

Andere manier:

Ga naar http://www.spywareinfo.com/downloads.php#det , en download daar 'Hijack This'.

Pak het uit, en dubbelklik vervolgens HijackThis.exe.
Klik op "Scan", en vervolgens op "Save Log File" , en post vervolgens de inhoud van die log hier.

Dan zien we wat we weg moeten halen.

 

[oossie]

Ton, is dit wat je bedoelt

Logfile of HijackThis v1.91.2
Scan saved at 16:03:47, on 4-2-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=localhost
O2 - BHO: (no name) - {5a7698f0-1e1a-4f5b-bca1-0b35c2ccb1a8} - C:\DOCUME~1\Charles\APPLIC~1\ceawprbrquly.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [thbrquea] C:\DOCUME~1\Charles\APPLIC~1\blgloosf.exe -QuieT
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 2.5\TH_Guard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37652.7344560185

groeten charles

 

[Kleinkramer]

Dank!.

Run Hijack This, en vink de volgende 4 zaken aan.

Sluit vervolgens alle Internet Explorer vensters, en klik op "Fix Checked" om HT de aangevinkte zaken te laten verwijderen.

Daarna MOET je opnieuw opstarten.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=

O2 - BHO: (no name) - {5a7698f0-1e1a-4f5b-bca1-0b35c2ccb1a8} - C:\DOCUME~1\Charles\APPLIC~1\ceawprbrquly.dll

O4 - HKLM\..\Run: [thbrquea] C:\DOCUME~1\Charles\APPLIC~1\blgloosf.exe -QuieT

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe


Na het opnieuw opstarten ga je naar C:\Documents and Settings\Charles\Application Data, en wis het bestand blgloosf.exe

Dan ben je er vanaf.

Groetjes,

 

[oossie]

Bedankt

Ton bedankt, ik ben nu iig verschoond van tjem.com

Groetjes Charles