Icons + Favorites cannot be removed


  • Icons + Favorites cannot be removed

    Moved from HijackThis questions/problems to HijackThis (logs).


    Good evening dear ASOs,

    I would appreciate your advice - for a few days now I have been unable to remove the well-known Bingo, Poker, Travel etc. etc. shortcuts from my desktop and from my favorites.
    Ran Ad Aware and Spybot, without result.
    Here is the HijackThis log, and thanks in advance for your trouble.
    Winnie

    ********************************************

    Logfile of HijackThis v1.99.0
    Scan saved at 22:47:57, on 2-1-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\SYSTEM~1\soap.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Winnie\Mijn documenten\Hijack This\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rpdfpnrcgacldordqdmxjusvv.com/_FPnPSBRXEnJXBbzcnBNiHW/RSdj_bZ1AKB_nVKsMVPBRYyUGF1Ou6BWycqCreWf.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {B51DA774-7EBD-32DD-3233-7D4991E37EEC} - C:\DOCUME~1\Winnie\APPLIC~1\CORNGL~1\eachtwo.exe
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {EEDE52D2-E363-3685-640A-66AF5536E620} - C:\PROGRA~1\CORNGL~1\Knob Team.exe (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [THIRD MEET WIPE DEBUG] C:\Documents and Settings\All Users\Application Data\Amok Exit Third Meet\winrdr.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Chic Creative] C:\DOCUME~1\Winnie\APPLIC~1\stoplove\Window Heck.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: MP3nice - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - https://producten.denhaag.nl/taxatieverslag/GBDWoz/Viewers/cycloscope/cycloscopelite.cab
    O16 - DPF: {E7687142-AAC1-11D6-8738-444553540000} (CycloMedia LeadDecompressor Plugin) - https://producten.denhaag.nl/taxatieverslag/GBDWoz/Viewers/cycloscope/CMDecomp.cab
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

  • #2
    Icons cannot be removed, part 2

    Update:

    In the meantime the first part of the problem has been solved... the icons have
    disappeared from my desktop. Don't ask me how.......

    The problem remains that they are still (stubbornly) in my Internet Explorer Favorites.

    Thanks,
    Winnie



    • #3
      Hello Buffy & the rest of the ASO team,
      Here is (hopefully) the real log file, and thanks in advance for your help.
      Also thanks to Fred for sending me a little reminder.
      I would like to hear from you how to get rid of this nuisance (nuke the bastards!)
      Regards,
      Winnie
      *************************************************
      Logfile of HijackThis v1.99.0
      Scan saved at 21:04:23, on 24-1-2005
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\Dell\Media Experience\PCMService.exe
      C:\WINDOWS\System32\DSentry.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
      C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Real\RealPlayer\RealPlay.exe
      C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRA~1\SYSTEM~1\soap.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      c:\progra~1\intern~1\iexplore.exe
      C:\Documents and Settings\Winnie\Mijn documenten\Hijack This\hijackthis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jzneotnqge.com/_FPnPSBRXEnJXBbzcnBNiHW/RSdj_bZ1AKB_nVKsMVN9q7lkPRyhmqBWycqCreWf.jsp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: (no name) - {B51DA774-7EBD-32DD-3233-7D4991E37EEC} - C:\DOCUME~1\Winnie\APPLIC~1\CORNGL~1\Knob Team.exe
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O2 - BHO: (no name) - {EEDE52D2-E363-3685-640A-66AF5536E620} - C:\PROGRA~1\CORNGL~1\Knob Team.exe (file missing)
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
      O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
      O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
      O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
      O4 - HKLM\..\Run: [THIRD MEET WIPE DEBUG] C:\Documents and Settings\All Users\Application Data\Amok Exit Third Meet\each media.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
      O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
      O4 - HKCU\..\Run: [Chic Creative] C:\DOCUME~1\Winnie\APPLIC~1\stoplove\Window Heck.exe
      O4 - Global Startup: Digital Line Detect.lnk = ?
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
      O9 - Extra button: MP3nice - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\shdocvw.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
      O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - https://producten.denhaag.nl/taxatieverslag/GBDWoz/Viewers/cycloscope/cycloscopelite.cab
      O16 - DPF: {E7687142-AAC1-11D6-8738-444553540000} (CycloMedia LeadDecompressor Plugin) - https://producten.denhaag.nl/taxatieverslag/GBDWoz/Viewers/cycloscope/CMDecomp.cab
      O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
      O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe



      • #4
        Hi Winnie,

        Sorry that you didn't get an answer sooner. Your log was apparently overlooked. Because it is so busy here, that sometimes happens. Our apologies.


        1. Scan with HijackThis and check the following items:

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jzneotnqge.com/_FPnPSBRXEnJXB...BWycqCreWf.jsp
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

        O2 - BHO: (no name) - {B51DA774-7EBD-32DD-3233-7D4991E37EEC} - C:\DOCUME~1\Winnie\APPLIC~1\CORNGL~1\Knob Team.exe
        O2 - BHO: (no name) - {EEDE52D2-E363-3685-640A-66AF5536E620} - C:\PROGRA~1\CORNGL~1\Knob Team.exe (file missing)

        O4 - HKLM\..\Run: [THIRD MEET WIPE DEBUG] C:\Documents and Settings\All Users\Application Data\Amok Exit Third Meet\each media.exe
        O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
        O4 - HKCU\..\Run: [Chic Creative] C:\DOCUME~1\Winnie\APPLIC~1\stoplove\Window Heck.exe

        O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
        Close all windows except HijackThis itself and click "Fix checked".

        2. Restart the PC in safe mode.
        If you don't know how to do that, have a look here: http://users.telenet.be/marcvn/spyware/1378056.htm

        Make sure that hidden files and folders are shown.
        Here you can read how to do that: http://users.telenet.be/marcvn/spyware/1117602.htm

        Now, still in safe mode, delete the following folders:

        C:\Program Files\Plus18Point <- that folder
        C:\Program Files\System Soap Pro <- that folder
        C:\Documents and Settings\All Users\Application Data\Amok Exit Third Meet <- that folder
        C:\Documents and Settings\Winnie\Application Data\stoplove <- that folder
        C:\Documents and Settings\Winnie\Application Data\CORNGL~1 <- the folder whose name begins with the letters "corngl"

        3. Restart the PC in 'normal mode'.

        4. Create a new log and post it here.



        • #5
          Hello Buffy,
          Thanks already, I'm going to start slaying right away.
          Regards,
          Winnie



          • #6
            Hi Buffy,
            Instructions carried out, and here is the log after the slaying.

            By the way, I did not find the following folders, so I did not delete them either:
            C:\Program Files\Plus18Point
            C:\Documents and Settings\Winnie\Application Data\stoplove
            C:\Documents and Settings\Winnie\Application Data\CORNGL~1

            In addition, when restarting I got the System Configuration Utility on screen, which asked me to choose the normal startup mode and to undo the changes I had made earlier.
            I did that. (So: chose Normal startup)

            Don't stay up too late..................even slayers have to sssleep.
            Regards,
            Winnie

            **************************************************
            Logfile of HijackThis v1.99.0
            Scan saved at 22:41:29, on 24-1-2005
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\LEXBCES.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\LEXPPS.EXE
            C:\WINDOWS\system32\dla\tfswctrl.exe
            C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
            C:\Program Files\Dell\Media Experience\PCMService.exe
            C:\WINDOWS\System32\DSentry.exe
            C:\Program Files\Common Files\Symantec Shared\ccApp.exe
            C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
            C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
            C:\Program Files\QuickTime\qttask.exe
            C:\Program Files\Real\RealPlayer\RealPlay.exe
            C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\WINDOWS\system32\RUNDLL32.EXE
            C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
            C:\Program Files\Digital Line Detect\DLG.exe
            C:\Program Files\WinZip\WZQKPICK.EXE
            C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
            C:\Program Files\Norton AntiVirus\navapsvc.exe
            C:\WINDOWS\System32\nvsvc32.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\Documents and Settings\Winnie\Mijn documenten\Hijack This\hijackthis.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vwylrzhylqkmxfwwiy.com/_FPnPSBRXEnJXBbzcnBNiHW/RSdj_bZ1AKB_nVKsMVOdltLYIrNASKBWycqCreWf.html
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
            O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
            O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
            O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
            O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
            O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
            O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
            O4 - Global Startup: Digital Line Detect.lnk = ?
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
            O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
            O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
            O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
            O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
            O9 - Extra button: MP3nice - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\shdocvw.dll
            O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
            O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - https://producten.denhaag.nl/taxatieverslag/GBDWoz/Viewers/cycloscope/cycloscopelite.cab
            O16 - DPF: {E7687142-AAC1-11D6-8738-444553540000} (CycloMedia LeadDecompressor Plugin) - https://producten.denhaag.nl/taxatieverslag/GBDWoz/Viewers/cycloscope/CMDecomp.cab
            O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
            O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
            O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
            O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
            O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
            O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
            O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
            O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe



            • #7
              Hi,

              One of my cats is also called Winnie.


              1. Scan with HijackThis and check the following items:

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vwylrzhylqkmxfwwiy.com/_...BWycqCreWf.html

              Close all windows except HijackThis itself and click "Fix checked".

              2. Restart the PC.

              3. Create a new log and post it here.
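
One way to check a new log against the items that were ticked, as an added example (not part of the original thread and not HijackThis code): each entry is keyed on the slot it occupies (registry value, CLSID, Run name) rather than on the whole line, so a Search Bar value that reappears with a different URL, as between the logs in posts #3 and #6, is reported as rewritten instead of removed. The sample logs, the `.example` domains, the CLSID and all function names are constructed for illustration.

```python
import re

# One HijackThis entry per line: "<section> - <details>", e.g. "O4 - HKCU\..\Run: [Name] cmd".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(.*?:\s*\[[^\]]*\])")


def entry_identity(section, details):
    """Return a key naming the slot an entry occupies, independent of its current value."""
    clsid = CLSID_RE.search(details)
    if clsid:  # O2 / O9 / O16: entry kind (BHO, Extra button, DPF) plus CLSID
        return (section, details.split(":", 1)[0].lower(), clsid.group(0).lower())
    if section == "O4":  # Run key: hive plus [value name]; startup folder: link name
        run = RUN_RE.match(details)
        return (section, (run.group(1) if run else details.partition(" =")[0]).lower())
    if section.startswith("R"):  # R0/R1: registry key and value name, without the URL
        return ("R", details.partition(" =")[0].lower())
    return (section, details.lower())


def parse_log(text):
    """Map slot identity -> full entry line; headers and process paths do not match."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            section, details = m.groups()
            entries[entry_identity(section, details)] = f"{section} - {details}"
    return entries


def verify_fix(before_text, after_text, checked_lines):
    """Classify each ticked line by comparing the before and after logs.

    The ticked line is only used to find the slot, so a URL that forum
    software shortened with "..." still matches the right entry.
    """
    before, after = parse_log(before_text), parse_log(after_text)
    report = {}
    for line in checked_lines:
        ident = next(iter(parse_log(line)), None)
        if ident is None or ident not in before:
            report[line] = "not in before log"
        elif ident not in after:
            report[line] = "removed"
        elif after[ident] == before[ident]:
            report[line] = "still present"
        else:
            report[line] = "rewritten"  # same slot, new value: something wrote it again
    return report


# Constructed sample logs in the format shown in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hijack-one.example/panel/side.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\DOCUME~1\user\APPLIC~1\sample\helper.exe
O4 - HKCU\..\Run: [Sample Loader] C:\DOCUME~1\user\APPLIC~1\sample\loader.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

AFTER = r"""Logfile of HijackThis v1.99.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hijack-two.example/panel/side.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Ticked items as a helper would post them; the first URL is shortened with "...".
CHECKED = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hijack-one.example/pan...side.jsp",
    r"O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\DOCUME~1\user\APPLIC~1\sample\helper.exe",
    r"O4 - HKCU\..\Run: [Sample Loader] C:\DOCUME~1\user\APPLIC~1\sample\loader.exe",
]

if __name__ == "__main__":
    for line, status in verify_fix(BEFORE, AFTER, CHECKED).items():
        print(f"{status:18} {line}")
```

A "rewritten" result means the value was set again after the fix, so the entry needs another pass once whatever wrote it is gone.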


              • #8
                Hello Buffy,

                Usually I am (well, hopefully only because of the name) associated with Winnie the Pooh......well, fortunately a bear with a sense of humour.

                Here comes that log...........................
                (out demons out)

                Thanks in advance once again,
                Winnie

                *************************************************

                Logfile of HijackThis v1.99.0
                Scan saved at 21:35:56, on 25-1-2005
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\LEXBCES.EXE
                C:\WINDOWS\system32\LEXPPS.EXE
                C:\WINDOWS\system32\spoolsv.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\system32\dla\tfswctrl.exe
                C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
                C:\Program Files\Dell\Media Experience\PCMService.exe
                C:\WINDOWS\System32\DSentry.exe
                C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
                C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
                C:\Program Files\QuickTime\qttask.exe
                C:\Program Files\Real\RealPlayer\RealPlay.exe
                C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\WINDOWS\system32\RUNDLL32.EXE
                C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
                C:\Program Files\Digital Line Detect\DLG.exe
                C:\Program Files\WinZip\WZQKPICK.EXE
                C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                C:\Program Files\Norton AntiVirus\navapsvc.exe
                C:\WINDOWS\System32\nvsvc32.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
                C:\Program Files\Messenger\msmsgs.exe
                C:\Documents and Settings\Winnie\Mijn documenten\Hijack This\hijackthis.exe
                C:\WINDOWS\system32\wuauclt.exe

                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
                O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
                O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
                O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
                O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
                O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
                O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
                O4 - Global Startup: Digital Line Detect.lnk = ?
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
                O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
                O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
                O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
                O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
                O9 - Extra button: MP3nice - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\shdocvw.dll
                O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - https://producten.denhaag.nl/taxatieverslag/GBDWoz/Viewers/cycloscope/cycloscopelite.cab
                O16 - DPF: {E7687142-AAC1-11D6-8738-444553540000} (CycloMedia LeadDecompressor Plugin) - https://producten.denhaag.nl/taxatieverslag/GBDWoz/Viewers/cycloscope/CMDecomp.cab
                O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
                O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
                O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
                O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
                O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

                Comment


                • #9
                  The cat in question is indeed named after Winnie the Pooh, which is odd because Winnie the Pooh is male while Winnie the Cat is female. But that is beside the point. (She is sweet, by the way.)

                  To the point: your log looks fine now! Are the problems solved?

                  Comment


                  • #10
                    Unfortunately....

                    Hi Buffy,

                    I was out of the country for a few days, hence my late reply.
                    At first everything was fixed, but while I was away my housemate surfed and did not clean up, and now the whole mess is back in my favourites *#@!%!! (the desktop is still clean).

                    What is best: shall I send you a new log, or can I simply repeat the earlier procedure? I don't want to keep you busy unnecessarily.......

                    Regards to Winnie (I also have 3 of those monsters: Bibi, Alex and Japie. The last one is roughly the size of a Winnie the Pooh)

                    Winnie

                    Comment


                    • #11
                      Hi Winnie,

                      That is probably not your housemate's fault. This spyware sometimes places jobs in the Task Scheduler that make it come back. That is probably what happened here as well. So we still need to sort that out (it is not that hard). Do the following two things:

                      1. Create a new HijackThis log and post it here.

                      2. Open Notepad. Copy the text from the following box and paste it into a new document:

                      Code:
                      dir c:\windows\tasks /a h > files.txt
                      notepad files.txt
                      Save this as findjobs.bat, choose "all files" when saving and put it on your desktop.

                      Double-click findjobs.bat (which is now on your desktop) and post the contents of the text file you then get here in your next message (together with your new HijackThis log).

                      Comment


                      • #12
                        Okay Buffy, here it is again. The Hijack log looks a bit strange to me - I hope I did everything right.
                        Winnie

                        *********************************************
                        Het volume in station C heeft geen naam.
                        Het volumenummer is E418-89C4

                        Map van c:\windows\tasks

                        29-01-2005 12:00 <DIR> .
                        29-01-2005 12:00 <DIR> ..
                        29-01-2005 21:00 270 A46DC26091AE7574.job
                        29-01-2005 21:00 238 A5DBD48991985325.job
                        29-01-2005 21:00 238 AE597AC79186EB7F.job
                        11-09-2002 06:00 65 DESKTOP.INI
                        02-05-2004 09:37 416 Norton AntiVirus - Mijn computer scannen.job
                        29-01-2005 19:38 6 SA.DAT
                        26-01-2005 21:12 366 Symantec NetDetect.job
                        7 bestand(en) 1.599 bytes

                        Map van C:\Documents and Settings\Winnie\Mijn documenten
                        **************************************************

                        Hijacklog:

                        HKEY_CLASSES_ROOT\Installer\Patches\6CC506A1D82E05D4DAC4B560A3F4B6BC\SourceList | LastUsedSource | File "C:\Program Files\OfficeUpdate11\Cabs\511741\" does not exist.
                        HKEY_CLASSES_ROOT\Installer\Patches\6CC506A1D82E05D4DAC4B560A3F4B6BC\SourceList\Net | 1 | File "C:\Program Files\OfficeUpdate11\Cabs\511741\" does not exist.
                        HKEY_CLASSES_ROOT\Installer\Patches\EAC183F3C1EE42C48B19E90D29FEE1F6\SourceList | LastUsedSource | File "C:\Program Files\OfficeUpdate11\Cabs\512136\" does not exist.
                        HKEY_CLASSES_ROOT\Installer\Patches\EAC183F3C1EE42C48B19E90D29FEE1F6\SourceList\Net | 1 | File "C:\Program Files\OfficeUpdate11\Cabs\512136\" does not exist.
                        HKEY_CLASSES_ROOT\OISbmpfile | {KEY} | Useless file extension.
                        HKEY_CLASSES_ROOT\OISbmpfile | @ | Useless empty key
                        HKEY_CLASSES_ROOT\OISemffile | {KEY} | Useless file extension.
                        HKEY_CLASSES_ROOT\OISemffile | @ | Useless empty key
                        HKEY_CLASSES_ROOT\OISgiffile | {KEY} | Useless file extension.
                        HKEY_CLASSES_ROOT\OISgiffile | @ | Useless empty key
                        HKEY_CLASSES_ROOT\OISjpegfile | {KEY} | Useless file extension.
                        HKEY_CLASSES_ROOT\OISjpegfile | @ | Useless empty key
                        HKEY_CLASSES_ROOT\OISpngfile | {KEY} | Useless file extension.
                        HKEY_CLASSES_ROOT\OISpngfile | @ | Useless empty key
                        HKEY_CLASSES_ROOT\OIStiffile | {KEY} | Useless file extension.
                        HKEY_CLASSES_ROOT\OIStiffile | @ | Useless empty key
                        HKEY_CLASSES_ROOT\OISwmffile | {KEY} | Useless file extension.
                        HKEY_CLASSES_ROOT\OISwmffile | @ | Useless empty key
                        HKEY_CURRENT_USER\Software\3rd Eye Solutions | {KEY} | Obsolete software entry.
                        HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Excel\Recent Files | File3 | File "C:\Documents and Settings\Winnie\Mijn documenten\Excel\adressen Sneeuwbal-alf..xls" does not exist.
                        HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Excel\Recent Files | File4 | File "C:\Documents and Settings\Winnie\Mijn documenten\Excel\adressen Sneeuwbal.xls" does not exist.
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU | b | File "C:\Documents and Settings\Winnie\Mijn documenten\Mijn afbeeldingen\AEG Venture Twin" does not exist.
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* | b | File "C:\Documents and Settings\Winnie\Mijn documenten\hijackthis.log" does not exist.
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log | a | File "C:\Documents and Settings\Winnie\Mijn documenten\hijackthis.log" does not exist.
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt | a | File "C:\Documents and Settings\Winnie\Mijn documenten\Hijack This\hilog16012005.txt" does not exist.
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip | a | File "C:\Documents and Settings\Winnie\Bureaublad\defs.zip" does not exist.
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bak | {KEY} | Useless file extension.
                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DAT | {KEY} | Useless file extension.
                        HKEY_LOCAL_MACHINE\Software\classes\Installer\Patches\6CC506A1D82E05D4DAC4B560A3F4B6BC\SourceList | LastUsedSource | File "C:\Program Files\OfficeUpdate11\Cabs\511741\" does not exist.
                        HKEY_LOCAL_MACHINE\Software\classes\Installer\Patches\6CC506A1D82E05D4DAC4B560A3F4B6BC\SourceList\Net | 1 | File "C:\Program Files\OfficeUpdate11\Cabs\511741\" does not exist.
                        HKEY_LOCAL_MACHINE\Software\classes\Installer\Patches\EAC183F3C1EE42C48B19E90D29FEE1F6\SourceList | LastUsedSource | File "C:\Program Files\OfficeUpdate11\Cabs\512136\" does not exist.
                        HKEY_LOCAL_MACHINE\Software\classes\Installer\Patches\EAC183F3C1EE42C48B19E90D29FEE1F6\SourceList\Net | 1 | File "C:\Program Files\OfficeUpdate11\Cabs\512136\" does not exist.
                        HKEY_LOCAL_MACHINE\Software\classes\OISbmpfile | {KEY} | Useless file extension.
                        HKEY_LOCAL_MACHINE\Software\classes\OISbmpfile | @ | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\classes\OISbmpfile | @ | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\classes\OISemffile | {KEY} | Useless file extension.
                        HKEY_LOCAL_MACHINE\Software\classes\OISemffile | @ | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\classes\OISemffile | @ | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\classes\OISgiffile | {KEY} | Useless file extension.
                        HKEY_LOCAL_MACHINE\Software\classes\OISgiffile | @ | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\classes\OISgiffile | @ | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\classes\OISjpegfile | {KEY} | Useless file extension.
                        HKEY_LOCAL_MACHINE\Software\classes\OISjpegfile | @ | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\classes\OISjpegfile | @ | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\classes\OISpngfile | {KEY} | Useless file extension.
                        HKEY_LOCAL_MACHINE\Software\classes\OISpngfile | @ | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\classes\OISpngfile | @ | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\classes\OIStiffile | {KEY} | Useless file extension.
                        HKEY_LOCAL_MACHINE\Software\classes\OIStiffile | @ | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\classes\OIStiffile | @ | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\classes\OISwmffile | {KEY} | Useless file extension.
                        HKEY_LOCAL_MACHINE\Software\classes\OISwmffile | @ | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\classes\OISwmffile | @ | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\Lexmark\MarkVision\LexBCE\Debug Options | Log File | File "C:\LEXBCE32.LOG" does not exist.
                        HKEY_LOCAL_MACHINE\Software\Lexmark\MarkVision\LexBCE\Debug Options | Print Log File | File "C:\LEXBCE32_PRINT.LOG" does not exist.
                        HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\Client\Extensions | Remote Exchange Extensions | File "C:\WINDOWS\System32\emsui32.dll" does not exist.
                        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1A605CC6-E28D-4D50-AD4C-5B063A4F6BCB} | {KEY} | Obsolete Add / Remove menu entry.
                        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1A605CC6-E28D-4D50-AD4C-5B063A4F6BCB} | SlowInfoCache | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1A605CC6-E28D-4D50-AD4C-5B063A4F6BCB} | Changed | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3F381CAE-EE1C-4C24-B891-9ED092EF1E6F} | {KEY} | Obsolete Add / Remove menu entry.
                        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3F381CAE-EE1C-4C24-B891-9ED092EF1E6F} | SlowInfoCache | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3F381CAE-EE1C-4C24-B891-9ED092EF1E6F} | Changed | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C5F7472D-2437-49A9-892C-75C0526E0932} | {KEY} | Obsolete Add / Remove menu entry.
                        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C5F7472D-2437-49A9-892C-75C0526E0932} | SlowInfoCache | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C5F7472D-2437-49A9-892C-75C0526E0932} | Changed | Useless empty key
                        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs | C:\WINDOWS\system32\MSXML3A.DLL | File "C:\WINDOWS\system32\MSXML3A.DLL" does not exist.
                        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs | C:\WINDOWS\system32\DIMM.DLL | File "C:\WINDOWS\system32\DIMM.DLL" does not exist.
                        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help | nwind9.cnt | File "C:\Program Files\Microsoft Office\Office10\Samples\" does not exist.
                        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help | nwind9.hlp | File "C:\Program Files\Microsoft Office\Office10\Samples\" does not exist.
                        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help | nwindcs9.cnt | File "C:\Program Files\Microsoft Office\Office10\Samples\" does not exist.
                        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help | nwindcs9.hlp | File "C:\Program Files\Microsoft Office\Office10\Samples\" does not exist.
                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager | PendingFileRenameOperations | File "C:\DOCUME~1\Winnie\LOCALS~1\Temp\temp.fr6E08" does not exist.
                        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager | PendingFileRenameOperations | File "C:\DOCUME~1\Winnie\LOCALS~1\Temp\temp.fr6E08" does not exist.
                        HKEY_USERS\S-1-5-21-1392171988-706082513-3597662903-1007\Software\Microsoft\Office\11.0\Excel\Recent Files | File3 | File "C:\Documents and Settings\Winnie\Mijn documenten\Excel\adressen Sneeuwbal-alf..xls" does not exist.
                        HKEY_USERS\S-1-5-21-1392171988-706082513-3597662903-1007\Software\Microsoft\Office\11.0\Excel\Recent Files | File4 | File "C:\Documents and Settings\Winnie\Mijn documenten\Excel\adressen Sneeuwbal.xls" does not exist.
                        HKEY_USERS\S-1-5-21-1392171988-706082513-3597662903-1007\Software\Microsoft\Office\11.0\Excel\Recent Files | File3 | File "C:\Documents and Settings\Winnie\Mijn documenten\Excel\adressen Sneeuwbal-alf..xls" does not exist.
                        HKEY_USERS\S-1-5-21-1392171988-706082513-3597662903-1007\Software\Microsoft\Office\11.0\Excel\Recent Files | File4 | File "C:\Documents and Settings\Winnie\Mijn documenten\Excel\adressen Sneeuwbal.xls" does not exist.
                        HKEY_USERS\S-1-5-21-1392171988-706082513-3597662903-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU | b | File "C:\Documents and Settings\Winnie\Mijn documenten\Mijn afbeeldingen\AEG Venture Twin" does not exist.
                        HKEY_USERS\S-1-5-21-1392171988-706082513-3597662903-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU | b | File "C:\Documents and Settings\Winnie\Mijn documenten\Mijn afbeeldingen\AEG Venture Twin" does not exist.
                        HKEY_USERS\S-1-5-21-1392171988-706082513-3597662903-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* | b | File "C:\Documents and Settings\Winnie\Mijn documenten\hijackthis.log" does not exist.
                        HKEY_USERS\S-1-5-21-1392171988-706082513-3597662903-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* | b | File "C:\Documents and Settings\Winnie\Mijn documenten\hijackthis.log" does not exist.
                        HKEY_USERS\S-1-5-21-1392171988-706082513-3597662903-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log | a | File "C:\Documents and Settings\Winnie\Mijn documenten\hijackthis.log" does not exist.
                        HKEY_USERS\S-1-5-21-1392171988-706082513-3597662903-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log | a | File "C:\Documents and Settings\Winnie\Mijn documenten\hijackthis.log" does not exist.
                        HKEY_USERS\S-1-5-21-1392171988-706082513-3597662903-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt | a | File "C:\Documents and Settings\Winnie\Mijn documenten\Hijack This\hilog16012005.txt" does not exist.
                        HKEY_USERS\S-1-5-21-1392171988-706082513-3597662903-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt | a | File "C:\Documents and Settings\Winnie\Mijn documenten\Hijack This\hilog16012005.txt" does not exist.
                        HKEY_USERS\S-1-5-21-1392171988-706082513-3597662903-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip | a | File "C:\Documents and Settings\Winnie\Bureaublad\defs.zip" does not exist.
                        HKEY_USERS\S-1-5-21-1392171988-706082513-3597662903-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip | a | File "C:\Documents and Settings\Winnie\Bureaublad\defs.zip" does not exist.

                        Comment


                        • #13
                          Hi,

                          That is not a HijackThis log, Winnie.


                          Now do the following:


                          1. Open Notepad. Copy and paste the following into a new document:

                          Code:
                          %systemdrive%
                          cd C:\WINDOWS\Tasks
                          attrib -r -s -h A46DC26091AE7574.job
                          del A46DC26091AE7574.job
                          attrib -r -s -h A5DBD48991985325.job
                          del A5DBD48991985325.job
                          attrib -r -s -h AE597AC79186EB7F.job
                          del AE597AC79186EB7F.job
                          Save this as remjob.bat, choose "all files" when saving and put it on your desktop.

                          Double-click remjob.bat.


                          2. Restart the PC.


                          3. Double-click findjobs.bat again and post the resulting log here in your next message.


                          4. Start HijackThis. Click "Do a system scan and save a log file". Copy the entire log and post that in your next message as well.

                          Comment
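The triage done by eye on the findjobs.bat output above, and the re-check after remjob.bat and a reboot, written out as an added example (not code from the thread). It assumes the pattern seen here, job files named with exactly 16 hex digits, is the marker; the function names and the "after" listing are constructed for illustration.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    folder: str    # folder from the last "Map van" / "Directory of" header
    modified: str  # "dd-mm-yyyy hh:mm" exactly as dir printed it
    size: int      # bytes
    name: str


# Dutch-locale `dir` output for the Tasks folder, as posted in this thread.
LISTING_BEFORE = r"""
Het volume in station C heeft geen naam.
Het volumenummer is E418-89C4

Map van c:\windows\tasks

29-01-2005 12:00 <DIR> .
29-01-2005 12:00 <DIR> ..
29-01-2005 21:00 270 A46DC26091AE7574.job
29-01-2005 21:00 238 A5DBD48991985325.job
29-01-2005 21:00 238 AE597AC79186EB7F.job
11-09-2002 06:00 65 DESKTOP.INI
02-05-2004 09:37 416 Norton AntiVirus - Mijn computer scannen.job
29-01-2005 19:38 6 SA.DAT
26-01-2005 21:12 366 Symantec NetDetect.job
7 bestand(en) 1.599 bytes

Map van C:\Documents and Settings\Winnie\Mijn documenten
"""

# Constructed sample (not from the thread): one job survived the cleanup and
# a job with a new random name has appeared.
LISTING_AFTER_CONSTRUCTED = r"""
Map van c:\windows\tasks

30-01-2005 16:14 <DIR> .
30-01-2005 16:14 <DIR> ..
29-01-2005 21:00 238 AE597AC79186EB7F.job
30-01-2005 16:20 254 0123456789ABCDEF.job
11-09-2002 06:00 65 DESKTOP.INI
30-01-2005 16:15 6 SA.DAT
"""

FOLDER = re.compile(r"^\s*(?:Map van|Directory of)\s+(.+?)\s*$", re.IGNORECASE)
ENTRY = re.compile(
    r"^\s*(\d{2}-\d{2}-\d{4})\s+(\d{2}:\d{2})\s+(<DIR>|[\d.]+)\s+(.+?)\s*$"
)
# Assumption taken from the three names in this thread: 16 hex digits + .job
HEX_JOB = re.compile(r"^[0-9A-Fa-f]{16}\.job$")


def parse_dir_listing(text):
    """Return the file entries of a `dir` listing, skipping <DIR> rows."""
    folder, entries = "", []
    for line in text.splitlines():
        header = FOLDER.match(line)
        if header:
            folder = header.group(1)
            continue
        row = ENTRY.match(line)
        if not row or row.group(3) == "<DIR>":
            continue  # volume info, summary line, blank line or directory
        date, time, size, name = row.groups()
        # The Dutch locale prints 1.599 for 1599 bytes.
        entries.append(Entry(folder, f"{date} {time}", int(size.replace(".", "")), name))
    return entries


def suspicious_jobs(entries):
    """Job files whose whole name is a 16-digit hex string."""
    return [e for e in entries if HEX_JOB.match(e.name)]


def verify_cleanup(before_text, after_text):
    """Compare two listings: which flagged jobs are gone, which remain,
    and which hex-named jobs are new (a sign that the dropper still runs)."""
    flagged = [e.name for e in suspicious_jobs(parse_dir_listing(before_text))]
    after_entries = parse_dir_listing(after_text)
    after_names = {e.name.lower() for e in after_entries}
    flagged_lower = {n.lower() for n in flagged}
    return {
        "removed": [n for n in flagged if n.lower() not in after_names],
        "remaining": [n for n in flagged if n.lower() in after_names],
        "new": [e.name for e in suspicious_jobs(after_entries)
                if e.name.lower() not in flagged_lower],
    }


if __name__ == "__main__":
    for e in suspicious_jobs(parse_dir_listing(LISTING_BEFORE)):
        print(f"{e.modified}  {e.size:>5}  {e.name}")
    print(verify_cleanup(LISTING_BEFORE, LISTING_AFTER_CONSTRUCTED))
```

A non-empty "new" list after the reboot means the component that writes the jobs is still active, so deleting the job files alone is not enough.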


                          • #14
                            Dummy here

                            Mea culpa. Must have taken an overdose of stupid pills...

                            Here is the correct information...
                            *****************************************************
                            Findjobs.bat:

                            Het volume in station C heeft geen naam.
                            Het volumenummer is E418-89C4

                            Map van c:\windows\tasks

                            30-01-2005 16:14 <DIR> .
                            30-01-2005 16:14 <DIR> ..
                            11-09-2002 06:00 65 DESKTOP.INI
                            02-05-2004 09:37 416 Norton AntiVirus - Mijn computer scannen.job
                            30-01-2005 16:15 6 SA.DAT
                            29-01-2005 21:12 366 Symantec NetDetect.job
                            4 bestand(en) 853 bytes

                            Map van C:\Documents and Settings\Winnie\Mijn documenten
                            *********************************************************
                            Hijack Log:
                            Logfile of HijackThis v1.99.0
                            Scan saved at 16:07:18, on 30-1-2005
                            Platform: Windows XP SP2 (WinNT 5.01.2600)
                            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\system32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\Explorer.EXE
                            C:\WINDOWS\system32\LEXBCES.EXE
                            C:\WINDOWS\system32\LEXPPS.EXE
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\WINDOWS\system32\dla\tfswctrl.exe
                            C:\Program Files\Dell\Media Experience\PCMService.exe
                            C:\WINDOWS\System32\DSentry.exe
                            C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                            C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
                            C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
                            C:\Program Files\QuickTime\qttask.exe
                            C:\Program Files\Real\RealPlayer\RealPlay.exe
                            C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
                            C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
                            C:\WINDOWS\system32\ctfmon.exe
                            C:\WINDOWS\system32\RUNDLL32.EXE
                            C:\Program Files\Digital Line Detect\DLG.exe
                            C:\Program Files\WinZip\WZQKPICK.EXE
                            C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                            C:\Program Files\Norton AntiVirus\navapsvc.exe
                            C:\WINDOWS\System32\nvsvc32.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
                            C:\Program Files\Messenger\msmsgs.exe
                            C:\Program Files\Internet Explorer\iexplore.exe
                            c:\progra~1\intern~1\iexplore.exe
                            C:\Documents and Settings\Winnie\Mijn documenten\Hijack This\hijackthis.exe

                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.rqvibfxlxxdymntwyage.us/_FPnPSBRXEnJXBbzcnBNiHW/RSdj_bZ1AKB_nVKsMVNvx5bk1MQB2qBWycqCreWf.html
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                            O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                            O2 - BHO: (no name) - {B51DA774-7EBD-32DD-3233-7D4991E37EEC} - C:\DOCUME~1\Winnie\APPLIC~1\CORNGL~1\Knob Team.exe
                            O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                            O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                            O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
                            O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
                            O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
                            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                            O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
                            O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
                            O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
                            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                            O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
                            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                            O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
                            O4 - HKLM\..\Run: [THIRD MEET WIPE DEBUG] C:\Documents and Settings\All Users\Application Data\Amok Exit Third Meet\Objthunk.exe
                            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                            O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
                            O4 - HKCU\..\Run: [Chic Creative] C:\DOCUME~1\Winnie\APPLIC~1\stoplove\Window Heck.exe
                            O4 - Global Startup: Digital Line Detect.lnk = ?
                            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                            O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
                            O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
                            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                            O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
                            O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
                            O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
                            O9 - Extra button: MP3nice - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\shdocvw.dll
                            O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                            O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
                            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                            O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - https://producten.denhaag.nl/taxatieverslag/GBDWoz/Viewers/cycloscope/cycloscopelite.cab
                            O16 - DPF: {E7687142-AAC1-11D6-8738-444553540000} (CycloMedia LeadDecompressor Plugin) - https://producten.denhaag.nl/taxatieverslag/GBDWoz/Viewers/cycloscope/CMDecomp.cab
                            O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                            O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                            O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
                            O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
                            O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
                            O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                            O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
                            O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
                            O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe



                            • #15
                              1. Scan with HijackThis and check the following items:

                              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.rqvibfxlxxdymntwyage.us/_...WycqCreWf.html

                              O2 - BHO: (no name) - {B51DA774-7EBD-32DD-3233-7D4991E37EEC} - C:\DOCUME~1\Winnie\APPLIC~1\CORNGL~1\Knob Team.exe

                              O4 - HKLM\..\Run: [THIRD MEET WIPE DEBUG] C:\Documents and Settings\All Users\Application Data\Amok Exit Third Meet\Objthunk.exe
                              O4 - HKCU\..\Run: [Chic Creative] C:\DOCUME~1\Winnie\APPLIC~1\stoplove\Window Heck.exe
                              Close all windows except HijackThis itself and click "Fix checked".

                              2. Restart the PC in safe mode and delete the following folders (if they are still present):

                              C:\Documents and Settings\Winnie\Application Data\stoplove <- that folder
                              C:\Documents and Settings\Winnie\Application Data\CORNGL~1 <- that folder
                              C:\Documents and Settings\All Users\Application Data\Amok Exit Third Meet <- that folder

                              3. Restart the PC in 'normal mode'.

                              4. Create a new HijackThis log and post it here.
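
Added example, not part of the original post or of HijackThis: a small triage script that parses O2 and O4 lines from a log like the one above and reports autostart entries for review. The two heuristics (a target under Application Data, and a BHO that is an .exe instead of a DLL) are assumptions drawn from the O2/O4 entries selected in the reply, and the function and variable names are hypothetical.

```python
import re

# Constructed sample: six O2/O4 lines copied from the HijackThis log on this page.
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B51DA774-7EBD-32DD-3233-7D4991E37EEC} - C:\DOCUME~1\Winnie\APPLIC~1\CORNGL~1\Knob Team.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [THIRD MEET WIPE DEBUG] C:\Documents and Settings\All Users\Application Data\Amok Exit Third Meet\Objthunk.exe
O4 - HKCU\..\Run: [Chic Creative] C:\DOCUME~1\Winnie\APPLIC~1\stoplove\Window Heck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <file>"; the CLSID identifies the entry.
O2_RE = re.compile(r"^O2 - BHO: .*? - (?P<ident>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
# O4 registry lines: "O4 - <hive>\..\Run: [<value name>] <command line>".
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<ident>[^\]]*)\] (?P<target>.+)$")
# Long folder name and its 8.3 short form, both of which occur in the log.
APPDATA_RE = re.compile(r"\\(Application Data|APPLIC~1)\\", re.IGNORECASE)


def reasons_for(section, target):
    """Heuristics (assumptions, not HijackThis rules) for one autostart target."""
    reasons = []
    if APPDATA_RE.search(target):
        reasons.append("runs from Application Data")
    if section == "O2" and target.strip('"').lower().endswith(".exe"):
        reasons.append("BHO is an .exe, not a DLL")
    return reasons


def triage(log_text):
    """Return (section, ident, reasons) for O2/O4 entries matching a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()  # forum pastes are often indented
        for section, rx in (("O2", O2_RE), ("O4", O4_RE)):
            m = rx.match(line)
            if m and (reasons := reasons_for(section, m["target"])):
                findings.append((section, m["ident"], reasons))
    return findings


if __name__ == "__main__":
    for section, ident, reasons in triage(SAMPLE_LOG):
        print(f"{section} {ident}: {', '.join(reasons)}")
```

Lines in other sections (R1, O8, O9, O16, O23, "Global Startup") are not parsed by this script and still need a manual read.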
