  • hans

    Logfile of HijackThis v1.98.2
    Scan saved at 20:58:56, on 27-10-04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
    C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
    C:\HPGS2WND.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\KPN TELECOM\IKB\IDTT.EXE
    C:\WINDOWS\SBNET\SHOWBEHIND.EXE
    C:\PROGRAM FILES\SAVE\SAVE.EXE
    C:\PROGRAM FILES\WINAMP3\WINAMPA.EXE
    C:\PROGRAM FILES\NCASE\MSBB.EXE
    C:\PROGRAM FILES\VSN\VSN.EXE
    C:\HPGS2WNF.EXE
    C:\WINDOWS\SYSTEM\KAGVBURX.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\EREG\REMIND32.EXE
    C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
    C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    D:\MIJN DOCUMENTEN\MIJN ONTVANGEN BESTANDEN\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.woordendaad.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://signup.rdnet.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchgateway.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door RDNet
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\PROGRAM FILES\XUPITER\XTSEARCH.DLL (file missing)
    F1 - win.ini: run=hpfsched
    O2 - BHO: XT Class - {2662BDD7-05D6-408F-B241-FF98FACE6054} - C:\PROGRAM FILES\XUPITER\XTUPDATE.DLL (file missing)
    O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
    O3 - Toolbar: Xupiter - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - C:\PROGRAM FILES\XUPITER\XUPITERTOOLBAR.DLL (file missing)
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
    O4 - HKLM\..\Run: [DU Meter] C:\PROGRAM FILES\DU METER\DUMETER.EXE
    O4 - HKLM\..\Run: [AudioHQ] C:\PROGRAM FILES\CREATIVE\SBLIVE\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [FinePrint Dispatcher] C:\WINDOWS\SYSTEM\fpdisp3a.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [XupiterStartup] C:\Program Files\Xupiter\XupiterStartup2003.exe
    O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [XupiterCfgLoader] C:\Program Files\Xupiter\XTCfgLoader.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [IKB] C:\PROGRAM FILES\KPN TELECOM\IKB\IDTT.EXE
    O4 - HKLM\..\Run: [WREP] C:\PROGRAM FILES\KPN TELECOM\IKB\PREP.EXE
    O4 - HKLM\..\Run: [ShowBehind] C:\WINDOWS\SBNET\SHOWBEHIND.EXE
    O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [msbb] C:\PROGRAM FILES\NCASE\MSBB.EXE
    O4 - HKLM\..\Run: [VSN] C:\PROGRAM FILES\VSN\VSN.EXE
    O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
    O4 - HKLM\..\Run: [azkl] C:\WINDOWS\azkl.exe
    O4 - HKLM\..\Run: [rsqejexiwndz] C:\WINDOWS\SYSTEM\kagvburx.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKCU\..\Run: [Unilex2k] C:\PROGRAM FILES\EASY COMPUTING\DE GROTE ENCYCLOPEDIE 2000\tft.exe
    O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
    O4 - HKCU\..\Run: [WeatherCast] C:\PROGRA~1\WEATHE~1\Weather.exe /q
    O4 - HKCU\..\Run: [Registry Cleaner] "C:\PROGRAM FILES\REGISTRY CLEANER\REGCLEAN.EXE"
    O4 - Startup: reminder-ScanSoft Produkt Registrierung.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE
    O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O14 - IERESET.INF: START_PAGE_URL=http://signup.rdnet.nl/
    O16 - DPF: {A27CFCAE-9351-4D74-BFFC-21EB19693D8C} - http://www.xupiter.com/search2/install/XupiterToolbarLoader.cab
    O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://huntfly.com/mp3search.exe
    O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TUR14165/thin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O18 - Protocol: ayb - (no CLSID) - (no file)
    O18 - Filter: text/html - {CDB79D00-2780-11D9-9D82-0040F4A9425A} - C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\V0.26.DAT

  • #2
    Hi Joel

    1. Start HijackThis again and put a check mark in front of the lines below:

    Originally posted by joel
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchgateway.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s

    R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\PROGRAM FILES\XUPITER\XTSEARCH.DLL (file missing)

    O2 - BHO: XT Class - {2662BDD7-05D6-408F-B241-FF98FACE6054} - C:\PROGRAM FILES\XUPITER\XTUPDATE.DLL (file missing)
    O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
    O3 - Toolbar: Xupiter - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - C:\PROGRAM FILES\XUPITER\XUPITERTOOLBAR.DLL (file missing)

    O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
    O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
    O4 - HKLM\..\Run: [msbb] C:\PROGRAM FILES\NCASE\MSBB.EXE
    O4 - HKLM\..\Run: [VSN] C:\PROGRAM FILES\VSN\VSN.EXE
    O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
    O4 - HKLM\..\Run: [azkl] C:\WINDOWS\azkl.exe
    O4 - HKLM\..\Run: [rsqejexiwndz] C:\WINDOWS\SYSTEM\kagvburx.exe
    O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
    O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O16 - DPF: {A27CFCAE-9351-4D74-BFFC-21EB19693D8C} - http://www.xupiter.com/search2/insta...lbarLoader.cab
    O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://huntfly.com/mp3search.exe
    O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/...14165/thin.cab

    O18 - Protocol: ayb - (no CLSID) - (no file)
    O18 - Filter: text/html - {CDB79D00-2780-11D9-9D82-0040F4A9425A} - C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\V0.26.DAT
    2. Now close all (MSN) windows and browsers so that only HijackThis remains, and click "Fix Checked".

    3. Restart in safe mode.
    Make sure hidden files and folders are visible: Explorer > Tools > Folder Options > View tab > scroll down and tick the box for "Show hidden files and folders".

    4. Delete, in safe mode:
    Folders
    C:\Program Files\SAVE
    C:\Program Files\NCASE
    C:\Program Files\Common Files\CMEII
    C:\Program Files\Common Files\GMT
    C:\Program Files\ClockSync
    C:\Program Files\VSN

    Files
    C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\V0.26.DAT
    C:\WINDOWS\SYSTEM\kagvburx.exe
    C:\WINDOWS\ALCHEM.exe
    C:\WINDOWS\azkl.exe

    5. Restart in normal mode.

    6. Download VX2Finder from here:
    http://www.downloads.subratam.org/VX2Finder.exe

    Put it in its own folder.

    Run VX2Finder. Click the "Click to find VX2.BetterInternet" button. Then click "Make Log".

    Copy and paste the contents of this log into your next reply here.

    7. Also make a new HijackThis log, and post that here as well.



    • #3
      Files Found---


      User Agent String---
      RDNet IEAK



      • #4
        Originally posted by [email protected]
        Hi Joel

        1. Start HijackThis again and put a check mark in front of the lines below:

        2. Now close all (MSN) windows and browsers so that only HijackThis remains, and click "Fix Checked".

        3. Restart in safe mode.
        Make sure hidden files and folders are visible: Explorer > Tools > Folder Options > View tab > scroll down and tick the box for "Show hidden files and folders".

        4. Delete, in safe mode:
        Folders
        C:\Program Files\SAVE
        C:\Program Files\NCASE
        C:\Program Files\Common Files\CMEII
        C:\Program Files\Common Files\GMT
        C:\Program Files\ClockSync
        C:\Program Files\VSN

        Files
        C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\V0.26.DAT
        C:\WINDOWS\SYSTEM\kagvburx.exe
        C:\WINDOWS\ALCHEM.exe
        C:\WINDOWS\azkl.exe

        5. Restart in normal mode.

        6. Download VX2Finder from here:
        http://www.downloads.subratam.org/VX2Finder.exe

        Put it in its own folder.

        Run VX2Finder. Click the "Click to find VX2.BetterInternet" button. Then click "Make Log".

        Copy and paste the contents of this log into your next reply here.

        7. Also make a new HijackThis log, and post that here as well.
        -------------------------------------------------------------------------
        Files Found---


        User Agent String---
        RDNet IEAK

        Logfile of HijackThis v1.98.2
        Scan saved at 22:10:41, on 27-10-04
        Platform: Windows 98 SE (Win9x 4.10.2222A)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\SYSTEM\KERNEL32.DLL
        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
        C:\WINDOWS\SYSTEM\MPREXE.EXE
        C:\WINDOWS\SYSTEM\mmtask.tsk
        C:\WINDOWS\SYSTEM\MSTASK.EXE
        C:\WINDOWS\SYSTEM\MDM.EXE
        C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
        C:\WINDOWS\EXPLORER.EXE
        C:\WINDOWS\TASKMON.EXE
        C:\WINDOWS\SYSTEM\SYSTRAY.EXE
        C:\WINDOWS\STARTER.EXE
        C:\WINDOWS\SYSTEM\STIMON.EXE
        C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
        C:\HPGS2WND.EXE
        C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
        C:\WINDOWS\LOADQM.EXE
        C:\PROGRAM FILES\KPN TELECOM\IKB\IDTT.EXE
        C:\HPGS2WNF.EXE
        C:\WINDOWS\SBNET\SHOWBEHIND.EXE
        C:\PROGRAM FILES\WINAMP3\WINAMPA.EXE
        C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\EREG\REMIND32.EXE
        C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
        C:\WINDOWS\SYSTEM\WMIEXE.EXE
        C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
        C:\WINDOWS\SYSTEM\PSTORES.EXE
        C:\WINDOWS\SYSTEM\SPOOL32.EXE
        C:\WINDOWS\SYSTEM\DDHELP.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\JOëL\VX2\KOPIE VAN VX2FINDER9X.EXE
        D:\MIJN DOCUMENTEN\MIJN ONTVANGEN BESTANDEN\HIJACKTHIS.EXE

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.woordendaad.nl/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://signup.rdnet.nl/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door RDNet
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        F1 - win.ini: run=hpfsched
        O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL
        O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
        O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
        O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
        O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
        O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
        O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
        O4 - HKLM\..\Run: [DU Meter] C:\PROGRAM FILES\DU METER\DUMETER.EXE
        O4 - HKLM\..\Run: [AudioHQ] C:\PROGRAM FILES\CREATIVE\SBLIVE\AudioHQ\AHQTB.EXE
        O4 - HKLM\..\Run: [FinePrint Dispatcher] C:\WINDOWS\SYSTEM\fpdisp3a.exe
        O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
        O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
        O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
        O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
        O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
        O4 - HKLM\..\Run: [XupiterStartup] C:\Program Files\Xupiter\XupiterStartup2003.exe
        O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\hpgs2wnd.exe
        O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
        O4 - HKLM\..\Run: [XupiterCfgLoader] C:\Program Files\Xupiter\XTCfgLoader.exe
        O4 - HKLM\..\Run: [LoadQM] loadqm.exe
        O4 - HKLM\..\Run: [IKB] C:\PROGRAM FILES\KPN TELECOM\IKB\IDTT.EXE
        O4 - HKLM\..\Run: [WREP] C:\PROGRAM FILES\KPN TELECOM\IKB\PREP.EXE
        O4 - HKLM\..\Run: [ShowBehind] C:\WINDOWS\SBNET\SHOWBEHIND.EXE
        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
        O4 - HKLM\..\Run: [sogxbsyk] C:\WINDOWS\SYSTEM\KAGVBURX.EXE
        O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
        O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
        O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
        O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
        O4 - HKCU\..\Run: [Unilex2k] C:\PROGRAM FILES\EASY COMPUTING\DE GROTE ENCYCLOPEDIE 2000\tft.exe
        O4 - HKCU\..\Run: [WeatherCast] C:\PROGRA~1\WEATHE~1\Weather.exe /q
        O4 - HKCU\..\Run: [Registry Cleaner] "C:\PROGRAM FILES\REGISTRY CLEANER\REGCLEAN.EXE"
        O4 - Startup: reminder-ScanSoft Produkt Registrierung.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE
        O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
        O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
        O14 - IERESET.INF: START_PAGE_URL=http://signup.rdnet.nl/
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
        O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
        O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
        O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
        O18 - Protocol: ayb - (no CLSID) - (no file)



        • #5
          Hi again Joel

          1. Tick the entries below and click Fix Checked in HijackThis:

          O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL

          O4 - HKLM\..\Run: [sogxbsyk] C:\WINDOWS\SYSTEM\KAGVBURX.EXE

          O18 - Protocol: ayb - (no CLSID) - (no file)
          2. Restart in safe mode, and delete:
          C:\WINDOWS\SYSTEM\KAGVBURX.EXE << file

          3. Restart in normal mode, and post a new HijackThis log here



          • #6
            -----------------------------------------
            27-10-2004
            22:26
            --------------------------------
            Logfile of HijackThis v1.98.2
            Scan saved at 22:24:31, on 27-10-04
            Platform: Windows 98 SE (Win9x 4.10.2222A)
            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

            Running processes:
            C:\WINDOWS\SYSTEM\KERNEL32.DLL
            C:\WINDOWS\SYSTEM\MSGSRV32.EXE
            C:\WINDOWS\SYSTEM\MPREXE.EXE
            C:\WINDOWS\SYSTEM\mmtask.tsk
            C:\WINDOWS\SYSTEM\MSTASK.EXE
            C:\WINDOWS\SYSTEM\MDM.EXE
            C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
            C:\WINDOWS\EXPLORER.EXE
            C:\WINDOWS\TASKMON.EXE
            C:\WINDOWS\SYSTEM\SYSTRAY.EXE
            C:\WINDOWS\STARTER.EXE
            C:\WINDOWS\SYSTEM\STIMON.EXE
            C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
            C:\HPGS2WND.EXE
            C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
            C:\WINDOWS\LOADQM.EXE
            C:\PROGRAM FILES\KPN TELECOM\IKB\IDTT.EXE
            C:\WINDOWS\SBNET\SHOWBEHIND.EXE
            C:\PROGRAM FILES\WINAMP3\WINAMPA.EXE
            C:\PROGRAM FILES\REGISTRY CLEANER\REGCLEAN.EXE
            C:\HPGS2WNF.EXE
            C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\EREG\REMIND32.EXE
            C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
            C:\WINDOWS\SYSTEM\WMIEXE.EXE
            D:\MIJN DOCUMENTEN\MIJN ONTVANGEN BESTANDEN\HIJACKTHIS.EXE

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.woordendaad.nl/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://signup.rdnet.nl/
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door RDNet
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            F1 - win.ini: run=hpfsched
            O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
            O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
            O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
            O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
            O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
            O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
            O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
            O4 - HKLM\..\Run: [DU Meter] C:\PROGRAM FILES\DU METER\DUMETER.EXE
            O4 - HKLM\..\Run: [AudioHQ] C:\PROGRAM FILES\CREATIVE\SBLIVE\AudioHQ\AHQTB.EXE
            O4 - HKLM\..\Run: [FinePrint Dispatcher] C:\WINDOWS\SYSTEM\fpdisp3a.exe
            O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
            O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
            O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
            O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
            O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
            O4 - HKLM\..\Run: [XupiterStartup] C:\Program Files\Xupiter\XupiterStartup2003.exe
            O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\hpgs2wnd.exe
            O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
            O4 - HKLM\..\Run: [XupiterCfgLoader] C:\Program Files\Xupiter\XTCfgLoader.exe
            O4 - HKLM\..\Run: [LoadQM] loadqm.exe
            O4 - HKLM\..\Run: [IKB] C:\PROGRAM FILES\KPN TELECOM\IKB\IDTT.EXE
            O4 - HKLM\..\Run: [WREP] C:\PROGRAM FILES\KPN TELECOM\IKB\PREP.EXE
            O4 - HKLM\..\Run: [ShowBehind] C:\WINDOWS\SBNET\SHOWBEHIND.EXE
            O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
            O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
            O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
            O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
            O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
            O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
            O4 - HKCU\..\Run: [Unilex2k] C:\PROGRAM FILES\EASY COMPUTING\DE GROTE ENCYCLOPEDIE 2000\tft.exe
            O4 - HKCU\..\Run: [WeatherCast] C:\PROGRA~1\WEATHE~1\Weather.exe /q
            O4 - HKCU\..\Run: [Registry Cleaner] "C:\PROGRAM FILES\REGISTRY CLEANER\REGCLEAN.EXE"
            O4 - Startup: reminder-ScanSoft Produkt Registrierung.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE
            O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
            O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
            O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
            O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
            O14 - IERESET.INF: START_PAGE_URL=http://signup.rdnet.nl/
            O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
            O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
            O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
            O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
            O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
            O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
            O18 - Protocol: ayb - (no CLSID) - (no file)



            • #7
              Fix this line while you are in safe mode:

              O18 - Protocol: ayb - (no CLSID) - (no file)

              Restart, and post a new log here



              • #8
                Originally posted by [email protected]
                Fix this line while you are in safe mode:

                O18 - Protocol: ayb - (no CLSID) - (no file)

                Restart, and post a new log here
                ---------------------------------------------------------------------------

                Logfile of HijackThis v1.98.2
                Scan saved at 17:27:22, on 28-10-04
                Platform: Windows 98 SE (Win9x 4.10.2222A)
                MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                Running processes:
                C:\WINDOWS\SYSTEM\KERNEL32.DLL
                C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                C:\WINDOWS\SYSTEM\MPREXE.EXE
                C:\WINDOWS\SYSTEM\mmtask.tsk
                C:\WINDOWS\SYSTEM\MSTASK.EXE
                C:\WINDOWS\SYSTEM\MDM.EXE
                C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
                C:\WINDOWS\EXPLORER.EXE
                C:\WINDOWS\TASKMON.EXE
                C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                C:\WINDOWS\STARTER.EXE
                C:\WINDOWS\SYSTEM\STIMON.EXE
                C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
                C:\HPGS2WND.EXE
                C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
                C:\WINDOWS\LOADQM.EXE
                C:\PROGRAM FILES\KPN TELECOM\IKB\IDTT.EXE
                C:\WINDOWS\SBNET\SHOWBEHIND.EXE
                C:\PROGRAM FILES\WINAMP3\WINAMPA.EXE
                C:\HPGS2WNF.EXE
                C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\EREG\REMIND32.EXE
                C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
                C:\WINDOWS\SYSTEM\WMIEXE.EXE
                C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
                C:\WINDOWS\SYSTEM\DDHELP.EXE
                C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
                D:\MIJN DOCUMENTEN\MIJN ONTVANGEN BESTANDEN\HIJACKTHIS.EXE

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.woordendaad.nl/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://signup.rdnet.nl/
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door RDNet
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                F1 - win.ini: run=hpfsched
                O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
                O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
                O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
                O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
                O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
                O4 - HKLM\..\Run: [DU Meter] C:\PROGRAM FILES\DU METER\DUMETER.EXE
                O4 - HKLM\..\Run: [AudioHQ] C:\PROGRAM FILES\CREATIVE\SBLIVE\AudioHQ\AHQTB.EXE
                O4 - HKLM\..\Run: [FinePrint Dispatcher] C:\WINDOWS\SYSTEM\fpdisp3a.exe
                O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
                O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
                O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
                O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
                O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
                O4 - HKLM\..\Run: [XupiterStartup] C:\Program Files\Xupiter\XupiterStartup2003.exe
                O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\hpgs2wnd.exe
                O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
                O4 - HKLM\..\Run: [XupiterCfgLoader] C:\Program Files\Xupiter\XTCfgLoader.exe
                O4 - HKLM\..\Run: [LoadQM] loadqm.exe
                O4 - HKLM\..\Run: [IKB] C:\PROGRAM FILES\KPN TELECOM\IKB\IDTT.EXE
                O4 - HKLM\..\Run: [WREP] C:\PROGRAM FILES\KPN TELECOM\IKB\PREP.EXE
                O4 - HKLM\..\Run: [ShowBehind] C:\WINDOWS\SBNET\SHOWBEHIND.EXE
                O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
                O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
                O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
                O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
                O4 - HKCU\..\Run: [Unilex2k] C:\PROGRAM FILES\EASY COMPUTING\DE GROTE ENCYCLOPEDIE 2000\tft.exe
                O4 - HKCU\..\Run: [WeatherCast] C:\PROGRA~1\WEATHE~1\Weather.exe /q
                O4 - HKCU\..\Run: [Registry Cleaner] "C:\PROGRAM FILES\REGISTRY CLEANER\REGCLEAN.EXE"
                O4 - Startup: reminder-ScanSoft Produkt Registrierung.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE
                O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
                O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
                O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
                O14 - IERESET.INF: START_PAGE_URL=http://signup.rdnet.nl/
                O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
                O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
                O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
                O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                O18 - Protocol: ayb - (no CLSID) - (no file)



                I fixed the O18 protocol in safe mode, but it is listed again
