
hijackThis log


  • hijackThis log

    Logfile of HijackThis v1.97.7
    Scan saved at 16:03:50, on 5-12-2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\Program Files\Common Files\Network Associates\Alert Manager\amgrsrvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Common Files\Network Associates\log and quarantine\bin\i386\NAIlgpip.exe
    C:\WINDOWS.0\System32\nvsvc32.exe
    C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
    C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus1.exe
    C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
    C:\Program Files\Weatherscope\Weatherscope.exe
    C:\Program Files\WebSecureAlert\WebSecureAlert.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS.0\System32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sqziwmeusoxjlqvnevlhk.com/VbJlZegvgfeCu/BzM5sMmIY58ni_NcQj51evS6Wcm0ZxDWWWsVbytClo_gVC/kKm.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oemji.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oemji.com/side_search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oemji.com/side_search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Oemji\Toolbar\PopupBlocker\PBHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: OemjiSearchPlus - {D240DC29-C093-4388-B71F-A7103C796B0C} - C:\Program Files\Oemji\OemjiSearchPlus\OemjiSearchPlus.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.0\System32\msdxm.ocx
    O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Program Files\DashBar\DashBar21.dll
    O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSearch.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus1.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.0\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.0.0\WeatherOnTray.exe
    O4 - HKLM\..\Run: [Mapi nurb bows mags] C:\Documents and Settings\All Users.WINDOWS.0\Application Data\proxycreativemapinurb\Coolinter.exe
    O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
    O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
    O4 - HKLM\..\Run: [SpamExtract] C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Up mix] C:\DOCUME~1\PIMTEU~1\APPLIC~1\BlehTime\mapibonemeet.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Global Startup: Weatherscope.lnk = C:\Program Files\Weatherscope\Weatherscope.exe
    O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game12.zylomgames.com/activex/zylomloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spamextract.com/sx/SpEx2.01pur_opt/SpamExtractInstall.cab
    Mister Eagle

  • #2
    Atlantis, first get the latest version of HijackThis from www.nucia.eu --> downloads --> HJT

    Post a new log made with it.


    The riff-raff that arrived by Przewalski's horse at the enchantingly situated establishment - comma -

    "Do not confuse the truth with the opinion of the majority"



    • #3
      that's exactly where I just got it from

      edit/
      I'm not at home or anything, and I just downloaded it from the site
      Mister Eagle



      • #4
        Not from the ASO HTTP server, then? You are posting a log from version 1.97.7, and the ASO HTTP server has 1.98.2.

        I know you're not at home




        • #5
          1. Check the lines below in HijackThis:

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sqziwmeusoxjlqvnevlhk.com...o_gVC/kKm.html

          O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Program Files\DashBar\DashBar21.dll

          O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.0.0\WeatherOnTray.exe
          O4 - HKLM\..\Run: [Mapi nurb bows mags] C:\Documents and Settings\All Users.WINDOWS.0\Application Data\proxycreativemapinurb\Coolinter.exe
          O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
          O4 - HKCU\..\Run: [Up mix] C:\DOCUME~1\PIMTEU~1\APPLIC~1\BlehTime\mapibonemeet.exe
          O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
          O4 - Global Startup: Weatherscope.lnk = C:\Program Files\Weatherscope\Weatherscope.exe

          O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game12.zylomgames.com/activex/zylomloader.cab
          2. Close all other windows and browsers, and click the “Fix Checked” button.

          3. Restart in safe mode.

          Make sure hidden files and folders are visible: Explorer > Tools > Folder Options > View tab > scroll down and tick the box for "Show hidden files and folders".

          4. Go to Windows Explorer. Find and delete the following:

          Folders:
          C:\Program Files\DashBar
          C:\Program Files\Weatherscope
          C:\Program Files\Hotbar
          C:\Program Files\Common Files\GMT
          C:\Program Files\Common Files\CMEII
          C:\Documents and Settings\PIMTEU~1\Application Data\BlehTime
          C:\Documents and Settings\All Users.WINDOWS.0\Application Data\proxycreativemapinurb

          5. Restart in normal mode, create a new log with the new HijackThis, and post it here
          Last edited by Eagle Creek; 05-12-04, 15:49.




          • #6
            Also fix this item:

            O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe

            Delete the folder C:\Program Files\WebSecureAlert

            http://computercops.biz/startuplist-4757.html


            I'm unsure about:

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oemji.com
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oemji.com/side_search.html
            R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oemji.com/side_search.html

            O2 - BHO: (no name) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Oemji\Toolbar\PopupBlocker\PBHelper.dll
            O2 - BHO: OemjiSearchPlus - {D240DC29-C093-4388-B71F-A7103C796B0C} - C:\Program Files\Oemji\OemjiSearchPlus\OemjiSearchPlus.dll

            O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSearch.dll


            Did you install OemjiSearch deliberately?



            • #7
              Logfile of HijackThis v1.97.7
              Scan saved at 16:58:24, on 5-12-2004
              Platform: Windows XP (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 (6.00.2600.0000)

              Running processes:
              C:\WINDOWS.0\System32\smss.exe
              C:\WINDOWS.0\system32\winlogon.exe
              C:\WINDOWS.0\system32\services.exe
              C:\WINDOWS.0\system32\lsass.exe
              C:\WINDOWS.0\system32\svchost.exe
              C:\WINDOWS.0\System32\svchost.exe
              C:\WINDOWS.0\system32\spoolsv.exe
              C:\WINDOWS.0\Explorer.EXE
              C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
              C:\Program Files\Messenger Plus! 3\MsgPlus1.exe
              C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE
              C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
              C:\Program Files\WebSecureAlert\WebSecureAlert.exe
              C:\Program Files\Common Files\Network Associates\Alert Manager\amgrsrvc.exe
              C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
              C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
              C:\Program Files\Common Files\Network Associates\log and quarantine\bin\i386\NAIlgpip.exe
              C:\WINDOWS.0\System32\nvsvc32.exe
              C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
              C:\WINDOWS.0\System32\svchost.exe
              C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
              C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe
              C:\WINDOWS.0\System32\wuauclt.exe
              C:\WINDOWS.0\System32\wuauclt.exe
              C:\hijackthis\HijackThis.exe

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zzjlfexubyjzhwg.net/VbJlZegvgfeCu/BzM5sMmIY58ni_NcQj51evS6Wcm0bS65KfobnxsSlo_gVC/kKm.html
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
              O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.0\System32\msdxm.ocx
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\System32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
              O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
              O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus1.exe"
              O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.0\System32\NeroCheck.exe
              O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
              O4 - HKLM\..\Run: [SpamExtract] C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
              O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
              O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
              O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
              O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
              O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
              O9 - Extra button: Messenger (HKLM)
              O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
              O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
              O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
              O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
              O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
              O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
              O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
              O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
              O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
              O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
              O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
              O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spamextract.com/sx/SpEx2.01pur_opt/SpamExtractInstall.cab



              I removed those other items right away as well; it isn't switched on, wasn't visible and, according to my uncle (the PC's owner), wasn't used.
              Mister Eagle



              • #8
                Logfile of HijackThis v1.97.7

                By "it" you mean OemjiSearch, I assume?




                • #9
                  Logfile of HijackThis v1.98.2
                  Scan saved at 17:02:07, on 5-12-2004
                  Platform: Windows XP (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                  Running processes:
                  C:\WINDOWS.0\System32\smss.exe
                  C:\WINDOWS.0\system32\winlogon.exe
                  C:\WINDOWS.0\system32\services.exe
                  C:\WINDOWS.0\system32\lsass.exe
                  C:\WINDOWS.0\system32\svchost.exe
                  C:\WINDOWS.0\System32\svchost.exe
                  C:\WINDOWS.0\system32\spoolsv.exe
                  C:\WINDOWS.0\Explorer.EXE
                  C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                  C:\Program Files\Messenger Plus! 3\MsgPlus1.exe
                  C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE
                  C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
                  C:\Program Files\WebSecureAlert\WebSecureAlert.exe
                  C:\Program Files\Common Files\Network Associates\Alert Manager\amgrsrvc.exe
                  C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
                  C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
                  C:\Program Files\Common Files\Network Associates\log and quarantine\bin\i386\NAIlgpip.exe
                  C:\WINDOWS.0\System32\nvsvc32.exe
                  C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
                  C:\WINDOWS.0\System32\svchost.exe
                  C:\Program Files\Network Associates\TVD\WebShield SMTP\MailCFG.exe
                  C:\Program Files\Network Associates\TVD\WebShield SMTP\mailscan.exe
                  C:\WINDOWS.0\System32\wuauclt.exe
                  C:\Program Files\Internet Explorer\IEXPLORE.EXE
                  C:\hijackthis\hijackthis.exe

                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zzjlfexubyjzhwg.net/VbJlZegvgfeCu/BzM5sMmIY58ni_NcQj51evS6Wcm0bS65KfobnxsSlo_gVC/kKm.html
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.0\System32\msdxm.ocx
                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\System32\NvCpl.dll,NvStartup
                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                  O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
                  O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                  O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus1.exe"
                  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.0\System32\NeroCheck.exe
                  O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
                  O4 - HKLM\..\Run: [SpamExtract] C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
                  O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
                  O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
                  O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
                  O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
                  O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
                  O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
                  O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
                  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
                  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
                  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
                  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
                  O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
                  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
                  O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spamextract.com/sx/SpEx2.01pur_opt/SpamExtractInstall.cab



                  there, you get your way.
                  Mister Eagle



                  • #10
                    Good boy

                    Fix this one too:

                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zzjlfexubyjzhwg.net/VbJl...lo_gVC/kKm.html




                    • #11
                      lovely weather, isn't it

                      Hi there Atlantis,

                      did you read/carry out the first part of Buffy's post? There is still a line in the running processes that comes from WebSecureAlert.

                      And now I'm off to eat; maybe Buffy will help you further in the meantime


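Added example, not part of any post in this thread: a Python check of a follow-up HijackThis log against the items the helpers asked to have fixed, which is the comparison done by eye in #10 and #11. The function names and finding labels are assumptions made for this sketch; the sample lines are excerpts copied from the logs in the first post and in #9, and 8.3 short paths such as `PROGRA~1` are not resolved.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: [x] y"

def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def entry_key(code, body):
    """Identity of an entry without its data. R0/R1 lines are 'key,value = data',
    so a hijack that comes back with a different URL still maps to the same key."""
    if code.startswith("R"):
        return "R", body.split(" = ", 1)[0].lower()
    return code, body.lower()

def under(path, folder):
    """Case-insensitive 'path lies inside folder' test for Windows paths."""
    prefix = folder.lower().rstrip("\\") + "\\"
    return path.lower().strip('"').startswith(prefix)

def check_cleanup(fixed_lines, removed_folders, followup_text):
    """Return (kind, detail) findings for leftovers in the follow-up log."""
    processes, entries = parse_log(followup_text)
    current = {entry_key(c, b): b for c, b in entries}
    findings = []
    for line in fixed_lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        key = entry_key(*m.groups())
        if key in current:
            same = current[key].lower() == m.group(2).lower()
            findings.append(("still-present" if same else "value-changed", current[key]))
    for folder in removed_folders:
        for proc in processes:
            if under(proc, folder):
                findings.append(("process-from-removed-folder", proc))
        for _, body in entries:
            if folder.lower() in body.lower():
                findings.append(("entry-references-removed-folder", body))
    return findings

# Items the helpers asked to fix (lines copied from the first log on this page).
FIXED = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sqziwmeusoxjlqvnevlhk.com/VbJlZegvgfeCu/BzM5sMmIY58ni_NcQj51evS6Wcm0ZxDWWWsVbytClo_gVC/kKm.html",
    r"O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Program Files\DashBar\DashBar21.dll",
    r"O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe",
]
REMOVED_FOLDERS = [r"C:\Program Files\DashBar", r"C:\Program Files\WebSecureAlert"]

# Shortened excerpt of the follow-up log in post #9.
FOLLOWUP = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\Program Files\WebSecureAlert\WebSecureAlert.exe
C:\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zzjlfexubyjzhwg.net/VbJlZegvgfeCu/BzM5sMmIY58ni_NcQj51evS6Wcm0bS65KfobnxsSlo_gVC/kKm.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.0\System32\NeroCheck.exe
"""

if __name__ == "__main__":
    for kind, detail in check_cleanup(FIXED, REMOVED_FOLDERS, FOLLOWUP):
        print(f"{kind}: {detail}")
```

Comparing R entries by registry key rather than by whole line is what surfaces the Search Bar value that returned under a different domain.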
