Mededeling

**Eagle Creek** · 05-12-04, 15:30

Atlantis, haal eerst de nieuwste versie van HijackThis op vanaf www.nucia.eu --> downloads --> HJT

Post daarmee een nieuw log.

**MisterEagle** · 05-12-04, 15:39

daar haal ik um net vandaan

edit/
ik zit niet thuis ofzo en download hem net van de site af

**Eagle Creek** · 05-12-04, 15:41

Dan niet van de ASO HTTP server? Jij post een log van versie 1.97.7 en op de ASO http staat 1.98.2.

Dat je niet thuis zit weet ik

**Eagle Creek** · 05-12-04, 15:46

1. Vink onderstaande regels aan in HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sqziwmeusoxjlqvnevlhk.com...o_gVC/kKm.html

O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Program Files\DashBar\DashBar21.dll

O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.0.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [Mapi nurb bows mags] C:\Documents and Settings\All Users.WINDOWS.0\Application Data\proxycreativemapinurb\Coolinter.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKCU\..\Run: [Up mix] C:\DOCUME~1\PIMTEU~1\APPLIC~1\BlehTime\mapibonemeet.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Weatherscope.lnk = C:\Program Files\Weatherscope\Weatherscope.exe

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game12.zylomgames.com/activex/zylomloader.cab

2. Sluit alle andere vensters en browsers, en klik op de knop “Fix Checked”.

3. Start opnieuw op in veilige modus.

Zorg ervoor dat verborgen bestanden en mappen zichtbaar zijn: Verkenner > Extra > Mapopties > Tablad Weergave > scroll naar beneden en vink het vakje voor "Verborgen bestanden en mappen weergeven" aan.

4. Ga naar Windows Verkenner. Zoek en verwijder het volgende:

Mappen:
C:\Program Files\DashBar
C:\Program Files\Weatherscope
C:\Program Files\Hotbar
C:\Program Files\Common Files\GMT
C:\Program Files\Common Files\CMEII
C:\DDocuments and Settings\PIMTEU~1\Application Data\BlehTime
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\proxycreativemapinurb

5. Start opnieuw op in normale modus, maak een nieuw logje aan met de nieuwe HijackThis, en post dat hier

**Buffy** · 05-12-04, 15:57

Fix ook dit item:

O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe

Verwijder de map C:\Program Files\WebSecureAlert

Page not found - Computer Cops

http://computercops.biz/startuplist-4757.html

Ik twijfel over:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oemji.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oemji.com/side_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oemji.com/side_search.html

O2 - BHO: (no name) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Oemji\Toolbar\PopupBlocker\PBHelper.dll
O2 - BHO: OemjiSearchPlus - {D240DC29-C093-4388-B71F-A7103C796B0C} - C:\Program Files\Oemji\OemjiSearchPlus\OemjiSearchPlus.dll

O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSearch.dll

Heb jij OemjiSearch bewust geïnstalleerd?

**MisterEagle** · 05-12-04, 16:02

Logfile of HijackThis v1.97.7
Scan saved at 16:58:24, on 5-12-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Messenger Plus! 3\MsgPlus1.exe
C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE
C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
C:\Program Files\WebSecureAlert\WebSecureAlert.exe
C:\Program Files\Common Files\Network Associates\Alert Manager\amgrsrvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Network Associates\log and quarantine\bin\i386\NAIlgpip.exe
C:\WINDOWS.0\System32\nvsvc32.exe
C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe
C:\WINDOWS.0\System32\wuauclt.exe
C:\WINDOWS.0\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zzjlfexubyjzhwg.net/VbJlZegvgfeCu/BzM5sMmIY58ni_NcQj51evS6Wcm0bS65KfobnxsSlo_gVC/kKm.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.0\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.0\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [SpamExtract] C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spamextract.com/sx/SpEx2.01pur_opt/SpamExtractInstall.cab

meteen die andere punten ook verwijderd, hij staat niet aan en was niet zichtbaar en werd volgens mijn oom (pc eigenaar) niet gebruikt.

**Eagle Creek** · 05-12-04, 16:03

Logfile of HijackThis v1.97.7

Met "hij" doel je op OemjiSearch neem ik aan?

**MisterEagle** · 05-12-04, 16:05

Logfile of HijackThis v1.98.2
Scan saved at 17:02:07, on 5-12-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Messenger Plus! 3\MsgPlus1.exe
C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE
C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
C:\Program Files\WebSecureAlert\WebSecureAlert.exe
C:\Program Files\Common Files\Network Associates\Alert Manager\amgrsrvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Network Associates\log and quarantine\bin\i386\NAIlgpip.exe
C:\WINDOWS.0\System32\nvsvc32.exe
C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe
C:\WINDOWS.0\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zzjlfexubyjzhwg.net/VbJlZegvgfeCu/BzM5sMmIY58ni_NcQj51evS6Wcm0bS65KfobnxsSlo_gVC/kKm.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.0\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.0\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [SpamExtract] C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spamextract.com/sx/SpEx2.01pur_opt/SpamExtractInstall.cab

jij je zin.

**Eagle Creek** · 05-12-04, 16:10

Braaf

Fix deze nog:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zzjlfexubyjzhwg.net/VbJl...lo_gVC/kKm.html

**Eagle Creek** · 05-12-04, 16:17

lekker weertje he

Hoihoi Atlantis,

heb je het eerste stukje van de post van Buffy nog gelezen/uitgevoerd? Er staat namelijk nog een regel in de lopende processen die afkomstig is van WebSecureAlert.

En nu ga ik eten

, misschien dat Buffy je nog verder helpt in de tussentijd

Mededeling

hijackThis log

hijackThis log

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment