Joyce's log


  • Joyce's log

    Thanks again for the DLL answer,
    here is my log, and I'm curious

    Logfile of HijackThis v1.98.2
    Scan saved at 6:22:49, on 28-10-04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
    C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
    C:\PROGRAM FILES\TRUST\[email protected] 100\TASK.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
    C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ixenvhjoqxw.com/gJB3fFpU2w6tOb6QN6VmpcZVuOnw6NZ__CQM2WT8Jgk7XCBcY5u1/xT75nFvNtE7.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yfhejfqtkhdrdj.com/gJB3fFpU2w7ltsOUtI2NjJ4k8pYGhDZepvtpYzb1wjA.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F1 - win.ini: run=hpfsched
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {4B89EDC1-B7FC-1C4E-7F2A-FBF48A97183D} - C:\WINDOWS\APPLICATION DATA\ACIDHELP\EXITPILE.EXE
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
    O4 - HKLM\..\Run: [sendtonsstylebits] C:\WINDOWS\Application Data\Bait Funk Send Tons\BIBHTM.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [puretitle] C:\WINDOWS\APPLIC~1\CASHMA~1\Curbclockflaw.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Trust [email protected] 100.lnk = C:\Program Files\Trust\[email protected] 100\task.exe
    O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb012
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab

    Admin edit: I removed your other 2 logs; I only need one
    Last edited by [email protected]; 29-10-04, 06:33.

  • #2
    Hi Joyce,

    1. Start HijackThis and tick the entries below:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ixenvhjoqxw.com/gJB3fFpU2...75nFvNtE7.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yfhejfqtkhdrdj.com/gJB3fF...tpYzb1wjA.html

    O2 - BHO: (no name) - {4B89EDC1-B7FC-1C4E-7F2A-FBF48A97183D} - C:\WINDOWS\APPLICATION DATA\ACIDHELP\EXITPILE.EXE

    O4 - HKLM\..\Run: [sendtonsstylebits] C:\WINDOWS\Application Data\Bait Funk Send Tons\BIBHTM.exe
    O4 - HKCU\..\Run: [puretitle] C:\WINDOWS\APPLIC~1\CASHMA~1\Curbclockflaw.exe

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb012

    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab
    2. Close all other windows and browsers, and click Fix Checked.

    3. Restart in safe mode.
    Make sure hidden files and folders are visible: Explorer > Tools > Folder Options > View tab > scroll down and tick the box for "Show hidden files and folders".

    4. In safe mode, delete:
    Folders
    C:\WINDOWS\APPLICATION DATA\ACIDHELP
    C:\WINDOWS\Application Data\Bait Funk Send Tons
    C:\WINDOWS\Application Data\CASHMA...

    5. Restart in normal mode, create a new log with HijackThis, and post it here



    • #3
      new log

      ok it took a while, but after freezing a few times, here it is:

      thanks in advance for the quick service

      Joyce,

      Logfile of HijackThis v1.98.2
      Scan saved at 9:10:34, on 29-10-04
      Platform: Windows 98 SE (Win9x 4.10.2222A)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\SYSTEM\KERNEL32.DLL
      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
      C:\WINDOWS\SYSTEM\MPREXE.EXE
      C:\WINDOWS\SYSTEM\mmtask.tsk
      C:\WINDOWS\SYSTEM\MSTASK.EXE
      C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
      C:\WINDOWS\EXPLORER.EXE
      C:\WINDOWS\TASKMON.EXE
      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
      C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
      C:\WINDOWS\LOADQM.EXE
      C:\WINDOWS\ptsnoop.exe
      C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
      C:\WINDOWS\SYSTEM\QTTASK.EXE
      C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
      C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
      C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
      C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
      C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
      C:\PROGRAM FILES\TRUST\[email protected] 100\TASK.EXE
      C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
      C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
      C:\WINDOWS\SYSTEM\WMIEXE.EXE
      C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
      C:\WINDOWS\SYSTEM\DDHELP.EXE
      C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
      C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
      C:\WINDOWS\SYSTEM\SPOOL32.EXE
      C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.acxqerwwwp.com/gJB3fFpU2w6tOb6QN6VmpcZVuOnw6NZ__CQM2WT8JgnAbDAIBWbt4RT75nFvNtE7.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ubksfhvwduaxywzpixhdcqpet.com/gJB3fFpU2w7ltsOUtI2NjGVSYPrNmkqgpvtpYzb1wjA.jpg
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      F1 - win.ini: run=hpfsched
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: (no name) - {4B89EDC1-B7FC-1C4E-7F2A-FBF48A97183D} - C:\WINDOWS\APPLICATION DATA\ACIDHELP\EXITPILE.EXE
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
      O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
      O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
      O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
      O4 - HKLM\..\Run: [LoadQM] loadqm.exe
      O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
      O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
      O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
      O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
      O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
      O4 - HKLM\..\Run: [sendtonsstylebits] C:\WINDOWS\Application Data\Bait Funk Send Tons\aim mapi.exe
      O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
      O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
      O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
      O4 - HKCU\..\Run: [puretitle] C:\WINDOWS\APPLIC~1\CASHMA~1\Curbclockflaw.exe
      O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: Trust [email protected] 100.lnk = C:\Program Files\Trust\[email protected] 100\task.exe
      O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
      O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
      O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
      O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab



      • #4
        Hi Joyce,

        1. Tick the entries below in HijackThis:

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.acxqerwwwp.com/gJB3fFpU2w...75nFvNtE7.html
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ubksfhvwduaxywzpixhdcqpet...vtpYzb1wjA.jpg

        O2 - BHO: (no name) - {4B89EDC1-B7FC-1C4E-7F2A-FBF48A97183D} - C:\WINDOWS\APPLICATION DATA\ACIDHELP\EXITPILE.EXE

        O4 - HKLM\..\Run: [sendtonsstylebits] C:\WINDOWS\Application Data\Bait Funk Send Tons\aim mapi.exe
        O4 - HKCU\..\Run: [puretitle] C:\WINDOWS\APPLIC~1\CASHMA~1\Curbclockflaw.exe
        2. Close all other windows and browsers, and click Fix Checked.

        3. Restart in safe mode, and delete:
        C:\WINDOWS\APPLICATION DATA\ACIDHELP << folder
        C:\WINDOWS\Application Data\Bait Funk Send Tons << folder
        C:\WINDOWS\Application Data\CASHMA... << folder

        4. Restart in normal mode, create a new log with HijackThis, and post it here.



        • #5
          phew, finally

          so: safe mode, freezing, off and on, and that about 10 times,

          but here it is.

          Logfile of HijackThis v1.98.2
          Scan saved at 18:41:21, on 29-10-04
          Platform: Windows 98 SE (Win9x 4.10.2222A)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

          Running processes:
          C:\WINDOWS\SYSTEM\KERNEL32.DLL
          C:\WINDOWS\SYSTEM\MSGSRV32.EXE
          C:\WINDOWS\SYSTEM\MPREXE.EXE
          C:\WINDOWS\SYSTEM\mmtask.tsk
          C:\WINDOWS\SYSTEM\MSTASK.EXE
          C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
          C:\WINDOWS\EXPLORER.EXE
          C:\WINDOWS\TASKMON.EXE
          C:\WINDOWS\SYSTEM\SYSTRAY.EXE
          C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
          C:\WINDOWS\LOADQM.EXE
          C:\WINDOWS\ptsnoop.exe
          C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
          C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
          C:\WINDOWS\SYSTEM\QTTASK.EXE
          C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
          C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
          C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
          C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
          C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
          C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
          C:\PROGRAM FILES\TRUST\[email protected] 100\TASK.EXE
          C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
          C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
          C:\WINDOWS\SYSTEM\WMIEXE.EXE
          C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
          C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
          C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pyucrsyzhwckhkmocxgv.com/gJB3fFpU2w6tOb6QN6VmpcZVuOnw6NZ__CQM2WT8JglF_QKBRMrvxBT75nFvNtE7.php
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ubksfhvwduaxywzpixhdcqpet.com/gJB3fFpU2w7ltsOUtI2NjGVSYPrNmkqgpvtpYzb1wjA.jpg
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
          F1 - win.ini: run=hpfsched
          O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O2 - BHO: (no name) - {4B89EDC1-B7FC-1C4E-7F2A-FBF48A97183D} - C:\WINDOWS\APPLICATION DATA\ACIDHELP\EXITPILE.EXE
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
          O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
          O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
          O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
          O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
          O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
          O4 - HKLM\..\Run: [LoadQM] loadqm.exe
          O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
          O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
          O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
          O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
          O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
          O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
          O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
          O4 - HKLM\..\Run: [sendtonsstylebits] C:\WINDOWS\Application Data\Bait Funk Send Tons\aim mapi.exe
          O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
          O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
          O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
          O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
          O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
          O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
          O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
          O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
          O4 - HKCU\..\Run: [puretitle] C:\WINDOWS\APPLIC~1\CASHMA~1\Curbclockflaw.exe
          O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
          O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Startup: Trust [email protected] 100.lnk = C:\Program Files\Trust\[email protected] 100\task.exe
          O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
          O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
          O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
          O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
          O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab



          • #6
            searchweb2.com

            Whatever I do, I keep getting this page:

            http://searchweb2.com/

            back as my start page

            how do I get rid of this,

            pop-ups also keep appearing about:

            "you may have spyware" etc. and more of this crap

            help



            • #7
              Your log has not been declared clean yet: http://www.nucia.eu/forum/showthread.php?t=91

              Please wait for the results of your log first.

              Admin:
              Topics merged


              The rabble that arrived by Przewalski's horse at the enchantingly situated establishment - comma -

              "Do not confuse the truth with the opinion of the majority"



              • #8
                Joyce's log

                Ok, this is my log after I ran Ad-Aware and Spybot
                hopefully this is the right one
                thanks in advance

                Logfile of HijackThis v1.98.2
                Scan saved at 16:39:57, on 30-10-04
                Platform: Windows 98 SE (Win9x 4.10.2222A)
                MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                Running processes:
                C:\WINDOWS\SYSTEM\KERNEL32.DLL
                C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                C:\WINDOWS\SYSTEM\MPREXE.EXE
                C:\WINDOWS\SYSTEM\mmtask.tsk
                C:\WINDOWS\SYSTEM\MSTASK.EXE
                C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
                C:\WINDOWS\EXPLORER.EXE
                C:\WINDOWS\TASKMON.EXE
                C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
                C:\WINDOWS\LOADQM.EXE
                C:\WINDOWS\ptsnoop.exe
                C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
                C:\WINDOWS\SYSTEM\QTTASK.EXE
                C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
                C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
                C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
                C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
                C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
                C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
                C:\PROGRAM FILES\TRUST\[email protected] 100\TASK.EXE
                C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
                C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
                C:\WINDOWS\SYSTEM\WMIEXE.EXE
                C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
                C:\WINDOWS\SYSTEM\DDHELP.EXE
                C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
                C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tiztnhxrublv.net/gJB3fFpU2w6tOb6QN6VmpcZVuOnw6NZ__CQM2WT8JgnfP6RUUvhXZxT75nFvNtE7.html
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ubksfhvwduaxywzpixhdcqpet.com/gJB3fFpU2w7ltsOUtI2NjGVSYPrNmkqgpvtpYzb1wjA.jpg
                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
                F1 - win.ini: run=hpfsched
                O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                O2 - BHO: (no name) - {4B89EDC1-B7FC-1C4E-7F2A-FBF48A97183D} - C:\WINDOWS\APPLICATION DATA\ACIDHELP\EXITPILE.EXE
                O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
                O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
                O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
                O4 - HKLM\..\Run: [LoadQM] loadqm.exe
                O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
                O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
                O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
                O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
                O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
                O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
                O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
                O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
                O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
                O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
                O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
                O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
                O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                O4 - Startup: Trust [email protected] 100.lnk = C:\Program Files\Trust\[email protected] 100\task.exe
                O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
                O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
                O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
                O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
                O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab



                • #9
                  Admin:
                  Once again merged a new topic with the current one.

                  Request: from now on, would you please post new logs in the same thread you were already working in?
                  Last edited by Eagle Creek; 30-10-04, 18:05.




                  • #10
                    Hi Joyce,

                    1. Tick these in HijackThis:

                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tiztnhxrublv.net/gJB3fFpU...75nFvNtE7.html
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ubksfhvwduaxywzpixhdcqpet...vtpYzb1wjA.jpg

                    O2 - BHO: (no name) - {4B89EDC1-B7FC-1C4E-7F2A-FBF48A97183D} - C:\WINDOWS\APPLICATION DATA\ACIDHELP\EXITPILE.EXE


                    2. Close all other windows and browsers, and click Fix Checked.

                    3. Restart in safe mode, and delete:
                    C:\WINDOWS\APPLICATION DATA\ACIDHELP << folder

                    4. Restart in normal mode, create a new log, and post it here



                    • #11
                      new log

                      I hope it's a bit better now

                      have a nice hijack weekend


                      joyce


                      Logfile of HijackThis v1.98.2
                      Scan saved at 8:31:09, on 31-10-04
                      Platform: Windows 98 SE (Win9x 4.10.2222A)
                      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                      Running processes:
                      C:\WINDOWS\SYSTEM\KERNEL32.DLL
                      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                      C:\WINDOWS\SYSTEM\MPREXE.EXE
                      C:\WINDOWS\SYSTEM\mmtask.tsk
                      C:\WINDOWS\SYSTEM\MSTASK.EXE
                      C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
                      C:\WINDOWS\EXPLORER.EXE
                      C:\WINDOWS\TASKMON.EXE
                      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                      C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
                      C:\WINDOWS\LOADQM.EXE
                      C:\WINDOWS\ptsnoop.exe
                      C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
                      C:\WINDOWS\SYSTEM\QTTASK.EXE
                      C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
                      C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
                      C:\WINDOWS\SYSTEM\WMIEXE.EXE
                      C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
                      C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
                      C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
                      C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
                      C:\PROGRAM FILES\TRUST\[email protected] 100\TASK.EXE
                      C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
                      C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
                      C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
                      C:\WINDOWS\SYSTEM\DDHELP.EXE
                      C:\WINDOWS\NOTEPAD.EXE
                      C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
                      F1 - win.ini: run=hpfsched
                      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
                      O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                      O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
                      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                      O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                      O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
                      O4 - HKLM\..\Run: [LoadQM] loadqm.exe
                      O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
                      O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
                      O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
                      O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
                      O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
                      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                      O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
                      O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                      O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                      O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
                      O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
                      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
                      O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
                      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
                      O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
                      O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                      O4 - Startup: Trust [email protected] 100.lnk = C:\Program Files\Trust\[email protected] 100\task.exe
                      O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
                      O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
                      O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
                      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
                      O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab



                      • #12
                        Looks good again

                        http://www.nucia.eu/ne/main/spyware_hoevoorkom.html

                        Read through the link above for prevention



                        • #13
                          Thank you very much

                          Hans, may I sincerely thank you and yours and wish you success with your great ASO page; I hope to come back here often in the future and learn about all these kinds of nuisances.

                          Good luck



                          • #14
                            And another log

                            Of course I don't know anything about this, but under R1 and R0 I again see those strange lines with all sorts of jumbled letters that, in any case, mean nothing to me.

                            Here it comes,

                            greetz
                            Joyce

                            Logfile of HijackThis v1.98.2
                            Scan saved at 15:59:01, on 31-10-04
                            Platform: Windows 98 SE (Win9x 4.10.2222A)
                            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                            Running processes:
                            C:\WINDOWS\SYSTEM\KERNEL32.DLL
                            C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                            C:\WINDOWS\SYSTEM\MPREXE.EXE
                            C:\WINDOWS\SYSTEM\MSTASK.EXE
                            C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
                            C:\WINDOWS\SYSTEM\mmtask.tsk
                            C:\WINDOWS\EXPLORER.EXE
                            C:\WINDOWS\TASKMON.EXE
                            C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                            C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
                            C:\WINDOWS\LOADQM.EXE
                            C:\WINDOWS\ptsnoop.exe
                            C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
                            C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
                            C:\WINDOWS\SYSTEM\QTTASK.EXE
                            C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
                            C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
                            C:\WINDOWS\SYSTEM\WMIEXE.EXE
                            C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
                            C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
                            C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
                            C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
                            C:\PROGRAM FILES\TRUST\[email protected] 100\TASK.EXE
                            C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
                            C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
                            C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
                            C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
                            C:\WINDOWS\SYSTEM\DDHELP.EXE
                            C:\WINDOWS\SYSTEM\SPOOL32.EXE
                            C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lsgmfowmawphjlzcfxejnygxc.com/gJB3fFpU2w6tOb6QN6VmpcZVuOnw6NZ__CQM2WT8JgljQJGICixT6hT75nFvNtE7.jpg
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unecgszmlnklvrwhxupcen.com/gJB3fFpU2w7ltsOUtI2NjKa1UpoGurt6pvtpYzb1wjA.html
                            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
                            F1 - win.ini: run=hpfsched
                            O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                            O2 - BHO: (no name) - {4B89EDC1-B7FC-1C4E-7F2A-FBF48A97183D} - C:\WINDOWS\APPLICATION DATA\ACIDHELP\EXITPILE.EXE
                            O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
                            O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                            O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
                            O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                            O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                            O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
                            O4 - HKLM\..\Run: [LoadQM] loadqm.exe
                            O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
                            O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
                            O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
                            O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
                            O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
                            O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                            O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
                            O4 - HKLM\..\Run: [sendtonsstylebits] C:\WINDOWS\Application Data\Bait Funk Send Tons\MoveBalm.exe
                            O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
                            O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                            O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                            O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
                            O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
                            O4 - HKLM\..\RunOnce: [ACMWrapperV2.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\ACMWrapperV2.dll"
                            O4 - HKLM\..\RunOnce: [MediaPlayerV2.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\MediaPlayerV2.dll"
                            O4 - HKLM\..\RunOnce: [driversV2.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\driversV2.dll"
                            O4 - HKLM\..\RunOnce: [Cdbootable.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Cdbootable.dll"
                            O4 - HKLM\..\RunOnce: [cdDataPS.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdDataPS.dll"
                            O4 - HKLM\..\RunOnce: [cdExtra.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdExtra.dll"
                            O4 - HKLM\..\RunOnce: [cdmp3.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdmp3.dll"
                            O4 - HKLM\..\RunOnce: [database.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\database.dll"
                            O4 - HKLM\..\RunOnce: [ISO9660.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\ISO9660.dll"
                            O4 - HKLM\..\RunOnce: [Joliet.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Joliet.dll"
                            O4 - HKLM\..\RunOnce: [Udf.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Udf.dll"
                            O4 - HKLM\..\RunOnce: [creator.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\creator.dll"
                            O4 - HKLM\..\RunOnce: [Translator.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Translator.dll"
                            O4 - HKLM\..\RunOnce: [CDEngine.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\CDEngine.dll"
                            O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
                            O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
                            O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
                            O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                            O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
                            O4 - HKCU\..\Run: [puretitle] C:\WINDOWS\APPLIC~1\CASHMA~1\Curbclockflaw.exe
                            O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
                            O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                            O4 - Startup: Trust [email protected] 100.lnk = C:\Program Files\Trust\[email protected] 100\task.exe
                            O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
                            O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
                            O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
                            O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
                            O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab



                            • #15
                              Well, if you keep installing MSN Plus, I'll keep being busy...

                              Reboot, make a new HijackThis log, and post it here (then those O4 - RunOnce entries will probably have disappeared)
