Mededeling

Collapse
No announcement yet.

log van melanie

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    log van melanie

    Logfile of HijackThis v1.98.2
    Scan saved at 11:03:38, on 13-11-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus1.exe
    C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    C:\WINDOWS\System32\voymaiqq.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
    C:\Program Files\Web_Rebates\WebRebates0.exe
    C:\Program Files\Windows AdTools\WinAdTools.exe
    C:\WINDOWS\System32\mmgr32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Windows AdTools\WinRatchet.exe
    C:\WINDOWS\System32\NVAREM.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Ares\Ares.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Web_Rebates\WebRebates1.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Beheerder\Local Settings\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rahpawqnzovdzqwbhjrt.com/9Wejl9U1dpfZMIHlvvQOU2eOaL2arTx7BLZQduufdfA27iyvWB3SCAAH4L4wM3Al.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/MStart2Page/Portal/portal.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.standbyservice.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/uk/*http://www.yahoo.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStart2Page/Portal/portal.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.standbyservice.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {A44DB3E6-6971-EEC5-CCDD-5AA860246FF3} - C:\DOCUME~1\BEHEER~1\APPLIC~1\gluebias\Sixth safe.exe
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
    O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4c\NHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus1.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [rsaxla] C:\WINDOWS\System32\voymaiqq.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [HOPE IDLE MAIL LOVE] C:\Documents and Settings\All Users\Application Data\Proc Up Hope Idle\MealBend.exe
    O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
    O4 - HKLM\..\Run: [OpenMstart] C:\WINDOWS\System32\mmgr32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA Remote Control Panel] NVAREM.EXE /S
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus1.exe" /WinStart
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Eq memo] C:\DOCUME~1\BEHEER~1\APPLIC~1\GRAMON~1\Body Draw Ooze.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185XXNL
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.standbyservice.nl
    O16 - DPF: ImageUploader - http://www.albumservice.nl/ImageUploader.CAB
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {39EB81C2-D67C-4E91-BACE-862190F77EBF} (IVP Class) - http://www.villaelisabeth.com/IVProject.cab
    O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.18.69.102/activex/AxisCamControl.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game13.zylomgames.com/activex/zylomloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    Labels: Geen
    • Citaat
  • #2
    Hi melanie,

    Verplaats HijackThis, bij voorkeur naar c:\Program Files\HijackThis. Overal is goed, behalve je Bureaublad of een tijdelijke map. Als HijackThis in een tijdelijke map loop je het risico dat backups verwijderd worden, en het Bureaublad wordt anders een puinhoop met alle backups.
    Als je Windows XP gebruikt, kan het zijn dat je hebt dubbelgeklikt op het bestand HijackThis.exe. Dan wordt het programma uitgepakt naar en tijdelijke map. Selecteer het bestand pak het uit.

    Hoe maak je een nieuwe map:

    Klik op "Mijn Computer", dan "C:\" en op "Program Files".
    Uit het menu kies "Bestand"->"Nieuw"->"Map"
    Dat maakt een map met de naam "Nieuwe map", die je kan hernoemen tot "HJT" of "HijackThis"
    Nu heb je "C:\Program Files\HijackThis". Plaats HijackThis.exe daar en dubbelklik om het programma te starten.

    Open het Configuratiescherm, dan "Software" en "Programma's wijzigen of verwijderen". Selecteer de volgende onderdelen en klik op "Verwijderen" voor elk van deze:
    • My Search Bar
    • MyWay Speed Bar
    • My Web Search Bar
    • Fun Web Products Easy Installer
    • Windows AdTools


    Het is handig om deze pagina op te slaan in je favorieten zodat je deze makkelijker kan vinden wanneer je terugkomt.

    Start HijackThis, klik op "Scan" and kruis de volgende onderdelen aan.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rahpawqnzovdzqwbhjrt.com/...AH4L4wM3Al.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/MStart2Page/Portal/portal.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStart2Page/Portal/portal.html

    O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
    O2 - BHO: (no name) - {A44DB3E6-6971-EEC5-CCDD-5AA860246FF3} - C:\DOCUME~1\BEHEER~1\APPLIC~1\gluebias\Sixth safe.exe

    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [rsaxla] C:\WINDOWS\System32\voymaiqq.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [HOPE IDLE MAIL LOVE] C:\Documents and Settings\All Users\Application Data\Proc Up Hope Idle\MealBend.exe
    O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
    O4 - HKLM\..\Run: [OpenMstart] C:\WINDOWS\System32\mmgr32.exe
    O4 - HKCU\..\Run: [Eq memo] C:\DOCUME~1\BEHEER~1\APPLIC~1\GRAMON~1\Body Draw Ooze.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm185XXNL
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab

    Sluit alle programma's, inclusief browsers, behalve HijackThis. Klik op "Fix checked".

    Start je computer in beveiligde modus. Hoe start ik mijn computer in veilige modus?

    Zorg dat je verborgen bestanden kan zien. Hoe toon ik verborgen bestanden?

    Mappen en bestanden met een tilde (~) betekenen dat er een map/bestand is dat begint met de 6 letters voor de tilde, houdt rekening ermee dat er spaties in kunnen staan. Als er meer dan één is, post dan wat gevonden is. Verwijder niet!

    Verwijder de volgende bestanden in rood (het kan zijn dat ze al verwijderd zijn):

    C:\WINDOWS\multimpp.dll
    C:\WINDOWS\2_0_1browserhelper2.dll
    C:\WINDOWS\System32\voymaiqq.exe
    C:\WINDOWS\System32\mmgr32.exe

    Verwijder de volgende mappen in rood (het kan zijn dat deze al verwijderd zijn):

    C:\Program Files\MStart2Page
    C:\Program Files\MyWebSearch
    C:\Documents And Settings\Beheerder\Application Data\gluebias
    C:\Program Files\Web_Rebates
    C:\Documents and Settings\All Users\Application Data\Proc Up Hope Idle
    C:\Program Files\Windows AdTools
    C:\Documents And Settings\Beheerder\Application Data\GRAMON~1

    Herstart de computer en post een nieuwe log in deze thread.
    • Citaat

    Comment

    • #3
      Logfile of HijackThis v1.98.2
      Scan saved at 11:03:38, on 13-11-2004
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\RunDll32.exe
      C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
      C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
      C:\WINDOWS\System32\carpserv.exe
      C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
      C:\Program Files\Microsoft Hardware\Mouse\point32.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Messenger Plus! 3\MsgPlus1.exe
      C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
      C:\WINDOWS\System32\voymaiqq.exe
      C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
      C:\Program Files\Web_Rebates\WebRebates0.exe
      C:\Program Files\Windows AdTools\WinAdTools.exe
      C:\WINDOWS\System32\mmgr32.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Windows AdTools\WinRatchet.exe
      C:\WINDOWS\System32\NVAREM.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Ares\Ares.exe
      c:\progra~1\intern~1\iexplore.exe
      C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
      C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
      C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
      C:\Program Files\Web_Rebates\WebRebates1.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\Beheerder\Local Settings\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rahpawqnzovdzqwbhjrt.com/9Wejl9U1dpfZMIHlvvQOU2eOaL2arTx7BLZQduufdfA27iyvWB3SCAAH4L4wM3Al.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/MStart2Page/Portal/portal.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.standbyservice.nl
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/uk/*http://www.yahoo.co.uk
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStart2Page/Portal/portal.html
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.standbyservice.nl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
      O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
      O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
      O2 - BHO: (no name) - {A44DB3E6-6971-EEC5-CCDD-5AA860246FF3} - C:\DOCUME~1\BEHEER~1\APPLIC~1\gluebias\Sixth safe.exe
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
      O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4c\NHelper.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [CARPService] carpserv.exe
      O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
      O4 - HKLM\..\Run: [POINTER] point32.exe
      O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus1.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
      O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
      O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
      O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
      O4 - HKLM\..\Run: [rsaxla] C:\WINDOWS\System32\voymaiqq.exe
      O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
      O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
      O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
      O4 - HKLM\..\Run: [HOPE IDLE MAIL LOVE] C:\Documents and Settings\All Users\Application Data\Proc Up Hope Idle\MealBend.exe
      O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
      O4 - HKLM\..\Run: [OpenMstart] C:\WINDOWS\System32\mmgr32.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [NVIDIA Remote Control Panel] NVAREM.EXE /S
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus1.exe" /WinStart
      O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
      O4 - HKCU\..\Run: [Eq memo] C:\DOCUME~1\BEHEER~1\APPLIC~1\GRAMON~1\Body Draw Ooze.exe
      O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
      O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
      O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
      O4 - Global Startup: BTTray.lnk = ?
      O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
      O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185XXNL
      O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O14 - IERESET.INF: START_PAGE_URL=http://www.standbyservice.nl
      O16 - DPF: ImageUploader - http://www.albumservice.nl/ImageUploader.CAB
      O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
      O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
      O16 - DPF: {39EB81C2-D67C-4E91-BACE-862190F77EBF} (IVP Class) - http://www.villaelisabeth.com/IVProject.cab
      O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
      O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.18.69.102/activex/AxisCamControl.cab
      O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
      O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
      O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
      O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game13.zylomgames.com/activex/zylomloader.cab
      O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
      • Citaat

      Comment

      • #4
        log van melanie

        Nog een vraagje, weet je toevallig waarom msn nu telkens vast loopt?
        • Citaat

        Comment

        • #5
          Melanie,

          Eerst de instructies van Bobbi uitvoeren voordat je een nieuw logje plaatst svp. Het is duidelijk te zien dat je ze NIET opgevolgt hebt.
          • Citaat

          Comment

          • #6
            Melanie, als je niet snapt wat er van je gevraagd wordt moet je dat gewoon zeggen.

            Je hebt er niets aan door het maar te laten voor wat het is. We willen je graag helpen alleen moet jij aangeven waar het mis gaat .


            Het rapaille dat per Przewalskipaard arriveerde bij het feeëriek gesitueerde etablissement - komma -

            "Verwar de waarheid niet met de mening van de meerderheid"
            • Citaat

            Comment

            • #7
              Hans,
              Ik snap alles wel, ik heb namelijk een nieuwe log geplaats omdat ik een aantal dingen had verwijderd omdat dat gezegt was door Bobbi, ik heb gedaan wat hij gezegt had op reactie van mijn log. Ik had trouwens nadat ik een aantal dingen had verwijderd een nieuwe log geplaatst, maar daar heb ik geen reactie meer op gehad
              Groetjes Melanie
              • Citaat

              Comment

              • #8
                Hi melanie,

                je hebt geen reactie van mij gehad omdat [email protected] ales al had gezegd. De twee logs hebben een identieke datum/tijd. De dingen die ik had gezegd te doen staan er nog steeds in, dus is het dezelfde log. Ik kan het herhalen, maar dat heeft geen nut want [email protected] had alles al gezegd.
                • Citaat

                Comment

                • #9
                  Hoi,
                  dan denk ik dat ik de nieuwe log niet heb opgeslagen en de oude er gewoon weer op heb gezet, sorry daarvoor, plaats wel een nieuwe log
                  groetjes Melanie
                  • Citaat

                  Comment

                  • #10
                    Logfile of HijackThis v1.98.2
                    Scan saved at 22:01:09, on 24-11-2004
                    Platform: Windows XP SP1 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\csrss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\WINDOWS\System32\alg.exe
                    C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
                    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                    C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
                    C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
                    C:\WINDOWS\System32\nvsvc32.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                    C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\WINDOWS\System32\RunDll32.exe
                    C:\WINDOWS\System32\carpserv.exe
                    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
                    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
                    C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
                    C:\Program Files\QuickTime\qttask.exe
                    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
                    C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
                    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
                    C:\WINDOWS\System32\ctfmon.exe
                    C:\WINDOWS\System32\NVAREM.EXE
                    C:\Program Files\Messenger\msmsgs.exe
                    C:\Program Files\Ares\Ares.exe
                    C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
                    C:\WINDOWS\System32\rundll32.exe
                    C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
                    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
                    C:\Program Files\MSN Messenger\msnmsgr.exe
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Program Files\HJT\HijackThis.exe

                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.standbyservice.nl
                    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.standbyservice.nl/
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
                    O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4c\NHelper.dll
                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                    O4 - HKLM\..\Run: [CARPService] carpserv.exe
                    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
                    O4 - HKLM\..\Run: [POINTER] point32.exe
                    O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
                    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
                    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
                    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
                    O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
                    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
                    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
                    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                    O4 - HKCU\..\Run: [NVIDIA Remote Control Panel] NVAREM.EXE /S
                    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
                    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
                    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
                    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
                    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
                    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
                    O4 - Global Startup: BTTray.lnk = ?
                    O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
                    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
                    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
                    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                    O14 - IERESET.INF: START_PAGE_URL=http://www.standbyservice.nl
                    O16 - DPF: ImageUploader - http://www.albumservice.nl/ImageUploader.CAB
                    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
                    O16 - DPF: {39EB81C2-D67C-4E91-BACE-862190F77EBF} (IVP Class) - http://www.villaelisabeth.com/IVProject.cab
                    O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
                    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
                    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.18.69.102/activex/AxisCamControl.cab
                    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
                    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
                    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
                    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game13.zylomgames.com/activex/zylomloader.cab
                    O16 - DPF: {E3E34A32-3A6A-47CC-B4E3-B8B86715D388} (MBoom Class) - http://pain.gamepoint.net/msn2/2003/ds/sintgame/marsepein/dll/boom.cab
                    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
                    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
                    • Citaat

                    Comment

                    • #11
                      Hi melanie,

                      Start HijackThis, klik op "Scan" and kruis de volgende onderdelen aan.

                      O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4c\NHelper.dll

                      O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"

                      O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

                      Sluit alle programma's, inclusief browsers, behalve HijackThis. Klik op "Fix checked".

                      Start je computer in beveiligde modus. Hoe start ik mijn computer in veilige modus?

                      Zorg dat je verborgen bestanden kan zien. Hoe toon ik verborgen bestanden?

                      Verwijder de volgende mappen in rood (het kan zijn dat deze al verwijderd zijn):

                      C:\Program Files\NavExcel
                      C:\Program Files\Web_Rebates

                      Herstart de computer en post een nieuwe log in deze thread.
                      • Citaat

                      Comment

                      • #12
                        Hier m'n nieuwe log, het is me alleen niet gelukt om Web_Rebates te deleten want hij stond er niet tussen

                        Logfile of HijackThis v1.98.2
                        Scan saved at 16:34:27, on 25-11-2004
                        Platform: Windows XP SP1 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                        C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\WINDOWS\System32\RunDll32.exe
                        C:\WINDOWS\System32\carpserv.exe
                        C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
                        C:\Program Files\Microsoft Hardware\Mouse\point32.exe
                        C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
                        C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
                        C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                        C:\Program Files\QuickTime\qttask.exe
                        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                        C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
                        C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
                        C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
                        C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
                        C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
                        C:\Program Files\Messenger Plus! 3\MsgPlus.exe
                        C:\WINDOWS\System32\ctfmon.exe
                        C:\WINDOWS\System32\nvsvc32.exe
                        C:\WINDOWS\System32\NVAREM.EXE
                        C:\Program Files\Messenger\msmsgs.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\Program Files\Ares\Ares.exe
                        C:\WINDOWS\System32\rundll32.exe
                        C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
                        C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                        C:\Program Files\MSN Messenger\msnmsgr.exe
                        C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
                        C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
                        C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
                        C:\WINDOWS\System32\wuauclt.exe
                        C:\Program Files\Internet Explorer\IEXPLORE.EXE
                        C:\WINDOWS\System32\wuauclt.exe
                        C:\Program Files\HJT\HijackThis.exe

                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.standbyservice.nl
                        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.standbyservice.nl/
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                        O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                        O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
                        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                        O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                        O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
                        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                        O4 - HKLM\..\Run: [CARPService] carpserv.exe
                        O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
                        O4 - HKLM\..\Run: [POINTER] point32.exe
                        O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
                        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                        O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
                        O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
                        O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
                        O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
                        O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
                        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
                        O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
                        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                        O4 - HKCU\..\Run: [NVIDIA Remote Control Panel] NVAREM.EXE /S
                        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                        O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
                        O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
                        O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
                        O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
                        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
                        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
                        O4 - Global Startup: BTTray.lnk = ?
                        O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
                        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                        O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
                        O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
                        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                        O14 - IERESET.INF: START_PAGE_URL=http://www.standbyservice.nl
                        O16 - DPF: ImageUploader - http://www.albumservice.nl/ImageUploader.CAB
                        O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
                        O16 - DPF: {39EB81C2-D67C-4E91-BACE-862190F77EBF} (IVP Class) - http://www.villaelisabeth.com/IVProject.cab
                        O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
                        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
                        O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.18.69.102/activex/AxisCamControl.cab
                        O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
                        O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
                        O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
                        O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game13.zylomgames.com/activex/zylomloader.cab
                        O16 - DPF: {E3E34A32-3A6A-47CC-B4E3-B8B86715D388} (MBoom Class) - http://pain.gamepoint.net/msn2/2003/ds/sintgame/marsepein/dll/boom.cab
                        O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
                        O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
                        • Citaat

                        Comment

                        • #13
                          Hi melanie,

                          Deze log is schoon!

                          Dit is de tijd om beveiliging op te zetten tegen toekomstige aanvallen. Lees het artikel achter deze link
                          "How did I get infected" (Engels). Als je ze niet al hebt, je hebt nodig een uptodate antivirus, een goede firewall, bijvoorbeeld Kerio Personal Firewall of ZoneLabs Zone Alarm, een spyware blocker als SpywareBlaster en ook IE-Spyads en spyware detectie (Ad-aware SE en SpyBot S+D). Deze hebben allemaal goede gratis versies beschikbaar... wees op je hoede voor beveiligingssoftware die adverteert in popups of andere opdringerige manieren. Deze zijn gewoonlijk niet alleen slecht, vaak hebben ze andere troep in zich...

                          In plaats van Internet Explorer, gebruik een andere browser zoals Opera, Mozilla of Firefox.

                          En laatst, maar zeker niet minst, hou Windows en Internet Explorer up-to-date met de laatste beveilgings patches die je computer kan beveiligen.

                          Dit kan je doen door naar http://windowsupdate.microsoft.com/ te gaan en de aanwijzingen op te volgen. Als je Windows XP draait, zorg dat je update naar SP-2!

                          Post maar terug als er nog steeds problemen zijn.
                          • Citaat

                          Comment

                          Vorige template Volgende
                          Sorry, you are not authorized to view this page
                          Working...
                          X