Mededeling

Collapse
No announcement yet.

Log van Per Kouwenhoven

Collapse
This topic is closed.
X
X
 
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Log van Per Kouwenhoven

    Hier het log van (wederom) een collega.
    Blijft met MyWeb Search balken tobben.

    Logfile of HijackThis v1.98.2
    Scan saved at 13:06:28, on 7-12-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\NetPumper\NetPumperIEProxy.exe
    C:\Program Files\AVPersonal\AVSched32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\windows\system32\sncntr.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\windows\system32\evthtm.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\ISTsvc\istsvc.exe
    C:\WINDOWS\ikjin.exe
    C:\Program Files\BullsEye Network\bin\bargains.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\wincmd\WINCMD32.EXE
    C:\Documents and Settings\Peter Kouwenhoven\Local Settings\Temporary Internet Files\Content.IE5\K1UF0TQJ\HijackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_p...unt_id=1001038
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_p...unt_id=1001038
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://tjdo.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#10213
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_p...unt_id=1001038
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.planet.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O1 - Hosts: 216.177.73.139 auto.search.msn.com
    O1 - Hosts: 216.177.73.139 search.netscape.com
    O1 - Hosts: 216.177.73.139 ieautosearch
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
    O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
    O2 - BHO: ViewSource Class - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\Documents and Settings\Peter Kouwenhoven\Application Data\iefeatsl\iefeatsl.dll (file missing)
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem216.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
    O2 - BHO: BHObj Class - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll (file missing)
    O2 - BHO: SearchHookObject Class - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\Peter Kouwenhoven\Application Data\iefeatsl\msiesh.dll
    O3 - Toolbar: (no name) - {44FC4114-0BF7-4671-B2B4-0350FA4A975E} - (no file)
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\nl\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
    O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
    O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Mscnt] c:\windows\system32\mscnt.exe /noconnect
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm
    O4 - HKLM\..\Run: [EvtHtm] c:\windows\system32\evthtm.exe /nocomm
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
    O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
    O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [n8u1qK] C:\WINDOWS\ikjin.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
    O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
    O4 - HKLM\..\RunOnce: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus /ro
    O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Peter Kouwenhoven"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: LimeWire 4.0.8 Pro.lnk = C:\Program Files\LimeWire\LimeWire 4.0.8 Pro\LimeWire.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm108
    O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {11111111-1111-1111-1111-115201410728} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f10213.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.8.cab
    O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/in....26/Hiwire.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.nedersex.nl/plugin/nedersexnl126.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.planet.nl/exent/classes/ExentCtl.ocx
    O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Microsoft Interactieve Training\o10c\mitm0026.cab
    O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab
    O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
    O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.terra.es/personal5/bomb-mp3/mp3plugin.exe
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - http://www.talkingbuddy.com/talkingbuddyinstall.exe
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
    O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
    O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://cdn.climaxbucks.com/mt/dialers/fc/UniDistIO.CAB
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tjdo.com
    O17 - HKLM\Software\..\Telephony: DomainName = tjdo.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{00F7A394-E6E8-44EF-BC70-084ED5E90F86}: Domain = tjdo.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8127D45D-F549-42EF-90FE-C4696D2DB5B4}: NameServer = 195.121.1.34 195.121.1.66
    O17 - HKLM\System\CCS\Services\Tcpip\..\{915DE12A-59AB-4526-A818-44B944F29331}: Domain = tjdo.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tjdo.com
    O17 - HKLM\System\CS1\Services\Tcpip\..\{00F7A394-E6E8-44EF-BC70-084ED5E90F86}: Domain = tjdo.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tjdo.com
    O17 - HKLM\System\CS2\Services\Tcpip\..\{00F7A394-E6E8-44EF-BC70-084ED5E90F86}: Domain = tjdo.com
    99.9% van de computerproblemen zit tussen de bureaustoel en het toetsenbord!!! .

  • #2
    Hi wajang,

    Verplaats HijackThis, bij voorkeur naar c:\Program Files\HijackThis. Overal is goed, behalve je Bureaublad of een tijdelijke map. Als HijackThis in een tijdelijke map loop je het risico dat backups verwijderd worden, en het Bureaublad wordt anders een puinhoop met alle backups.
    Als je Windows XP gebruikt, kan het zijn dat je hebt dubbelgeklikt op het bestand HijackThis.exe. Dan wordt het programma uitgepakt naar en tijdelijke map. Selecteer het bestand pak het uit.

    Hoe maak je een nieuwe map:

    Klik op "Mijn Computer", dan "C:\" en op "Program Files".
    Uit het menu kies "Bestand"->"Nieuw"->"Map"
    Dat maakt een map met de naam "Nieuwe map", die je kan hernoemen tot "HJT" of "HijackThis"
    Nu heb je "C:\Program Files\HijackThis". Plaats HijackThis.exe daar.

    === Download Need Programs ===
    Je hebt een Look2Me, VX2.BetterInternet infectie.

    Download de laatste versie van Ad-Aware van
    http://www.lavasoft.de/software/adaware/

    Download het volgende programma en installeer het in zijn eigen map:
    http://downloads.subratam.org/VX2Finder(126).exe

    === Get Name of Hidden dll ===
    Start vx2finder(126).exe
    Klik 'Click to Find VX2.BetterInternet'
    Klik 'Make Log' en post het in deze thread.

    Download Ad-aware SE en update het (Wereldbol ikoon, daarna Connect). Klik op "Perform Full System Scan". Ontvink "Search for negligible risk entries" en klik op "Next". Verwijder alles dat AdAware vindt.

    Herstart je computer en scan nog een keer. Herhaal dit totdat AdAware niets meer vindt.

    Download SpyBot S+D.
    Na installatie, klik op "Search for Updates" en download wat het programma vindt.
    Klik op "Search & Destroy" en op "Check for problems". Verwijder wat het vindt.

    Laat je computer checken op deze sites:

    Housecall Anti Virus Panda Anti Virus Trojan Scan

    En dit is de link naar McAfee AVERT Stinger met instrukties voor gebruik.

    Zet een vink bij "Auto Clean" voor je gaat scannen.Als het iets niet kan schoonmaken laat het het dan verwijderen of noteer de plaats zodat je het zelf kan verwijderen.

    Post hierna een nieuwe log.

    Comment


    • #3
      Te moeilijk

      Om een map te maken, liep bij Peter al het water op zijn rug.
      Dus verdere actie is niet gewenst.
      De oplossing is voor hem te moeilijk.
      De PC is teruggezet (2 jaar!) naar de opleveringsdatum met de resquedisk.
      Mag een slotje op.

      Bedankt.
      99.9% van de computerproblemen zit tussen de bureaustoel en het toetsenbord!!! .

      Comment

      Working...
      X