Mededeling

Collapse
No announcement yet.

Logje Vriend...

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    Logje Vriend...

    Als eerst wil k u dankbaar zijn dat u mij al tot zover helpt..
    ten tweede heb ik 2 logs voor u ...
    1e LOG1e LOG
    Logfile of HijackThis v1.98.2
    Scan saved at 21:31:58, on 1-12-2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\3dmoused.exe
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\ASP4TRAY.EXE
    C:\MEDIASCAPE\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\Mediascape\OnScreen Display\OSD.exe
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\MIJN DOCUMENTEN\EDIP AKBAYRAM\OPSLAAN\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
    O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL (file missing)
    O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
    O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D4820} - C:\WINDOWS\SYSTEM\SPM4820.DLL
    O2 - BHO: (no name) - {C3650941-D397-4CC1-8C56-6F834BDBB0D1} - C:\WINDOWS\SYSTEM\FPHKDA.DLL
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\QUESTMOD.DLL
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [Primax 3-D Mouse] 3dmoused.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [VortexTray] ASP4TRAY.EXE
    O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Mediascape\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [OnScreen Display] C:\Mediascape\OnScreen Display\OSD.exe
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [vytcecdrssqo] C:\WINDOWS\SYSTEM\kxxyiqpv.exe
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [clwv] C:\WINDOWS\clwv.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
    O4 - HKLM\..\Run: [Power Scan] C:\PROGRAM FILES\POWER SCAN\POWERSCAN.EXE
    O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing)
    O12 - Plugin for .mid: C:\PROGRA~1\Intern~1\PLUGINS\npvmidi.dll
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.skoobidoo.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.topconverting.com
    O15 - Trusted Zone: *.crazywinnings.com
    O15 - Trusted Zone: *.ysbweb.com
    O15 - Trusted Zone: *.slotchbar.com
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://www.foxik.com/6/files.chm::/file.exe
    O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} (Dhsigned Control) - http://ads.dealhelper.com/updates/DealHelperNew.cab
    O18 - Filter: text/html - {2C36C243-EFBA-4506-BC86-113328439D03} - C:\WINDOWS\SYSTEM\FPHKDA.DLL
    O18 - Filter: text/plain - {2C36C243-EFBA-4506-BC86-113328439D03} - C:\WINDOWS\SYSTEM\FPHKDA.DLL


    2elog2e LOG

    StartDreck (build 2.1.7 public stable) - 2004-12-01 @ 22:32:27 (GMT +01:00)
    Platform: Windows ME (Win 4.90.3000 )
    Internet Explorer: 5.50.4134.0100
    Logged in as ugi at PBN COMPUTER

    »Registry
    »Run Keys
    »Current User
    »Run
    *MessengerPlus3="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    *msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    »RunOnce
    »Default User
    »Run
    *MessengerPlus3="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    *msnmsgr="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    »RunOnce
    »Local Machine
    »Run
    *ScanRegistry=c:\windows\scanregw.exe /autorun
    *Taakcontrole=c:\windows\taskmon.exe
    *Primax 3-D Mouse=3dmoused.exe
    *SystemTray=SysTray.Exe
    *VortexTray=ASP4TRAY.EXE
    *Multimedia Keyboard=C:\Mediascape\Multimedia Keyboard\MMKeybd.exe
    *OnScreen Display=C:\Mediascape\OnScreen Display\OSD.exe
    *TaskMonitor=c:\windows\taskmon.exe
    *PCHealth=c:\windows\PCHealth\Support\PCHSchd.exe -s
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *LoadQM=loadqm.exe
    *Microsoft Works Update Detection=c:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    *Internet Optimizer="C:\Program Files\Internet Optimizer\optimize.exe"
    *vytcecdrssqo=C:\WINDOWS\SYSTEM\kxxyiqpv.exe
    *sais=c:\program files\180solutions\sais.exe
    *clwv=C:\WINDOWS\clwv.exe
    *BullsEye Network=C:\Program Files\BullsEye Network\bin\bargains.exe
    *CONSCORR=C:\WINDOWS\CONSCORR.exe
    *Power Scan=C:\PROGRAM FILES\POWER SCAN\POWERSCAN.EXE
    *WebRebates0=C:\Program Files\Web_Rebates\WebRebates0.exe
    *WinUpdate=
    *WinUpdatea=
    *ControlPanel=C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile
    +OptionalComponents
    +MSFS
    *Installed=1
    +MAPI
    *Installed=1
    *NoChange=1
    +MAPI
    *Installed=1
    *NoChange=1
    »RunOnce
    »RunServices
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *SchedulingAgent=mstask.exe
    **StateMgr=C:\WINDOWS\System\Restore\StateMgr.exe
    *MessengerPlus3="C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    »RunServicesOnce
    »RunOnceEx
    »RunServicesOnceEx
    »Files
    »System/Drivers
    »Running Processes
    +FFEF721B=C:\WINDOWS\SYSTEM\KERNEL32.DLL
    +FFFFBD1B=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    +FFFFA4E3=C:\WINDOWS\SYSTEM\SPOOL32.EXE
    +FFFE33AF=C:\WINDOWS\SYSTEM\MPREXE.EXE
    +FFFE0997=C:\WINDOWS\SYSTEM\MSTASK.EXE
    +FFFE6157=C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
    +FFFEBAD7=C:\WINDOWS\SYSTEM\mmtask.tsk
    +FFFEEE4F=C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    +FFFD0FD3=C:\WINDOWS\EXPLORER.EXE
    +FFFC309F=C:\WINDOWS\TASKMON.EXE
    +FFFC610F=C:\WINDOWS\SYSTEM\3dmoused.exe
    +FFFC5747=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    +FFFCA663=C:\WINDOWS\ASP4TRAY.EXE
    +FFFCFE5F=C:\MEDIASCAPE\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    +FFFCC30B=C:\Mediascape\OnScreen Display\OSD.exe
    +FFFC94F7=C:\WINDOWS\LOADQM.EXE
    +FFF3462F=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
    +FFF3BCFF=C:\WINDOWS\SYSTEM\KXXYIQPV.EXE
    +FFF3AD57=C:\WINDOWS\SYSTEM\WMIEXE.EXE
    +FFF3115F=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    +FFF3E90B=C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    +FFF334C7=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    +FFF233EF=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    +FFF0386B=C:\WINDOWS\SYSTEM\DDHELP.EXE
    +FFF09827=C:\MIJN DOCUMENTEN\PFF\STARTDRECK.EXE
    »Application specific


    [spybot] DIT ZIJN DE LOGS....
    ECHT IK HEB WEINIG VERSTAND ERVAN ... IK DOE MIJN BEST IK HOOP DAT U MIJN ZULT HELPEN ...
    ALVAST BEDANKT...
    Last edited by Ugi_55; 01-12-04, 21:39. Reden: 2e LOG FF VERANDEREN VERKEERDE OEPS
    UGI MUGI CUGI UGI MUGI CUGI
    Labels: Geen
    • Citaat
  • #2
    Dit is de vriend waarvan het logje is.
    Mijn topic kan wel dicht denk ik.
    • Citaat

    Comment

    • #3
      Hi Ugi_55,

      Open het Configuratiescherm, dan "Software" en "Programma's wijzigen of verwijderen". Selecteer de volgende onderdelen en klik op "Verwijderen" voor elk van deze:
      • Active Alert
      • Internet Optimizer


      Download CWShredder.
      Pak het uit naar een eigen map. Sluit alle vensters van je browser en dubbelklik CWShredder.exe om het programma te starten. Klik op "Fix->", niet op "Scan only". Laat het programma zijn werk doen, en sluit het hierna.

      Start Internet Explorer en laat je computer scannen op de volgende adressen:

      Housecall Anti Virus Panda Anti Virus
      Download en installeer AdAware SE.Nadat je het programma opstart, download de updates, laat het je compiuter scannen en verwijder elk probleem dat het vindt.

      Start HijackThis, klik op "Scan" and kruis de volgende onderdelen aan.

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

      R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
      O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
      O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL (file missing)
      O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
      O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D4820} - C:\WINDOWS\SYSTEM\SPM4820.DLL
      O2 - BHO: (no name) - {C3650941-D397-4CC1-8C56-6F834BDBB0D1} - C:\WINDOWS\SYSTEM\FPHKDA.DLL
      O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\QUESTMOD.DLL

      O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
      O4 - HKLM\..\Run: [vytcecdrssqo] C:\WINDOWS\SYSTEM\kxxyiqpv.exe
      O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
      O4 - HKLM\..\Run: [clwv] C:\WINDOWS\clwv.exe
      O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
      O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
      O4 - HKLM\..\Run: [Power Scan] C:\PROGRAM FILES\POWER SCAN\POWERSCAN.EXE
      O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
      O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile

      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing)

      O15 - Trusted Zone: *.windupdates.com
      O15 - Trusted Zone: *.searchmiracle.com
      O15 - Trusted Zone: *.searchbarcash.com
      O15 - Trusted Zone: *.skoobidoo.com
      O15 - Trusted Zone: *.my-internet.info
      O15 - Trusted Zone: *.xxxtoolbar.com
      O15 - Trusted Zone: *.slotch.com
      O15 - Trusted Zone: *.flingstone.com
      O15 - Trusted Zone: *.mt-download.com
      O15 - Trusted Zone: *.blazefind.com
      O15 - Trusted Zone: *.clickspring.net
      O15 - Trusted Zone: *.topconverting.com
      O15 - Trusted Zone: *.crazywinnings.com
      O15 - Trusted Zone: *.ysbweb.com
      O15 - Trusted Zone: *.slotchbar.com

      O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
      O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
      O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://www.foxik.com/6/files.chm::/file.exe
      O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} (Dhsigned Control) - http://ads.dealhelper.com/updates/DealHelperNew.cab

      O18 - Filter: text/html - {2C36C243-EFBA-4506-BC86-113328439D03} - C:\WINDOWS\SYSTEM\FPHKDA.DLL
      O18 - Filter: text/plain - {2C36C243-EFBA-4506-BC86-113328439D03} - C:\WINDOWS\SYSTEM\FPHKDA.DLL

      Sluit alle programma's, inclusief browsers, behalve HijackThis. Klik op "Fix checked".

      Start je computer in beveiligde modus. Hoe start ik mijn computer in veilige modus?

      Zorg dat je verborgen bestanden kan zien. Hoe toon ik verborgen bestanden?

      Verwijder de volgende bestanden in rood (het kan zijn dat ze al verwijderd zijn):

      Alle bestanden in c:\windows\TEMP
      C:\WINDOWS\NEM220.DLL
      C:\WINDOWS\LOCALNRD.DLL
      C:\WINDOWS\SYSTEM\SPM4820.DLL
      C:\WINDOWS\SYSTEM\FPHKDA.DLL
      C:\WINDOWS\QUESTMOD.DLL
      C:\WINDOWS\SYSTEM\kxxyiqpv.exe
      C:\WINDOWS\clwv.exe
      C:\WINDOWS\CONSCORR.exe
      C:\WINDOWS\SYSTEM\twink64.exe
      C:\WINDOWS\web\related.htm

      Verwijder de volgende mappen in rood (het kan zijn dat deze al verwijderd zijn):

      C:\Program Files\Internet Optimizer
      c:\program files\180solutions
      C:\Program Files\BullsEye Network
      C:\PROGRAM FILES\POWER SCAN
      C:\Program Files\Web_Rebates
      C:\PROGRAM FILES\SIDEFIND

      Herstart de computer en post een nieuwe log in deze thread.
      • Citaat

      Comment

      • #4
        Oorspronkelijk geplaatst door Önder
        Dit is de vriend waarvan het logje is.
        Mijn topic kan wel dicht denk ik.
        Daar het een andere gebruikersnaam was ging ik ervanuit dat het ook een nieuw iemand was.
        • Citaat

        Comment

        • #5
          Oorspronkelijk geplaatst door Bobbi Flekman
          Daar het een andere gebruikersnaam was ging ik ervanuit dat het ook een nieuw iemand was.
          Het spijt me dat ik je extra werk heb bezorgd.
          • Citaat

          Comment

          • #6
            Hartstikke bedankt man egt top van jullie..!!!

            EY HARTSTIKKE BEDANKT MAN .... HET IS GELUKT !!! DIT IS DE NIEUWE LOG.... IS HET GOED OF MOET IK NOG WAT VERWIJDEREN...


            Logfile of HijackThis v1.98.2
            Scan saved at 22:59:47, on 2-12-2004
            Platform: Windows ME (Win9x 4.90.3000)
            MSIE: Internet Explorer v5.50 (5.50.4134.0100)

            Running processes:
            C:\WINDOWS\SYSTEM\KERNEL32.DLL
            C:\WINDOWS\SYSTEM\MSGSRV32.EXE
            C:\WINDOWS\SYSTEM\mmtask.tsk
            C:\WINDOWS\SYSTEM\MPREXE.EXE
            C:\WINDOWS\SYSTEM\MSTASK.EXE
            C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
            C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
            C:\WINDOWS\EXPLORER.EXE
            C:\WINDOWS\TASKMON.EXE
            C:\WINDOWS\SYSTEM\3dmoused.exe
            C:\WINDOWS\SYSTEM\SYSTRAY.EXE
            C:\WINDOWS\ASP4TRAY.EXE
            C:\MEDIASCAPE\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
            C:\Mediascape\OnScreen Display\OSD.exe
            C:\WINDOWS\LOADQM.EXE
            C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
            C:\WINDOWS\SYSTEM\WMIEXE.EXE
            C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
            C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
            C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
            C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
            C:\MIJN DOCUMENTEN\EDIP AKBAYRAM\OPSLAAN\HIJACKTHIS.EXE

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.nl/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
            O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
            O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
            O4 - HKLM\..\Run: [Primax 3-D Mouse] 3dmoused.exe
            O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
            O4 - HKLM\..\Run: [VortexTray] ASP4TRAY.EXE
            O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Mediascape\Multimedia Keyboard\MMKeybd.exe
            O4 - HKLM\..\Run: [OnScreen Display] C:\Mediascape\OnScreen Display\OSD.exe
            O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
            O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s
            O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
            O4 - HKLM\..\Run: [LoadQM] loadqm.exe
            O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
            O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
            O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile
            O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe
            O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
            O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
            O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
            O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
            O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
            O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
            O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
            O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
            O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
            O12 - Plugin for .mid: C:\PROGRA~1\Intern~1\PLUGINS\npvmidi.dll
            O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
            O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
            O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
            O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
            O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
            O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
            O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
            UGI MUGI CUGI UGI MUGI CUGI
            • Citaat

            Comment

            • #7
              Hi Ugi_55,

              Start HijackThis, klik op "Scan" and kruis de volgende onderdelen aan.

              O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
              O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile
              O4 - HKLM\..\Run: [CONSCORR] C:\WINDOWS\CONSCORR.exe

              Sluit alle programma's, inclusief browsers, behalve HijackThis. Klik op "Fix checked".

              Start je computer in beveiligde modus. Hoe start ik mijn computer in veilige modus?

              Zorg dat je verborgen bestanden kan zien. Hoe toon ik verborgen bestanden?

              Verwijder de volgende bestanden in rood (het kan zijn dat ze al verwijderd zijn):

              C:\WINDOWS\SYSTEM\twink64.exe
              C:\WINDOWS\CONSCORR.exe

              Verwijder de volgende mappen in rood (het kan zijn dat deze al verwijderd zijn):

              C:\Program Files\Web_Rebates

              Herstart de computer en post een nieuwe log in deze thread.
              • Citaat

              Comment

              Vorige template Volgende
              Sorry, you are not authorized to view this page
              Working...
              X