Mededeling

Collapse
No announcement yet.

logfile

Collapse
X
Collapse
  •  
  • Page of 1
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    logfile

    Dagelijk draai ik Hitmanpro. Nu toch mijn Favorieten verstoord; er komen een aantal vervelende sites bij die ik niet kan verwijderen. Ook zijn er nu snelkoppelingen op het Bureaublad die ik niet kan verwijderen. Graag hulp.

    Logfile of HijackThis v1.99.0
    Scan saved at 15:20:38, on 30-12-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\PROGRA~1\Support.com\bin\tgcmd.exe
    C:\Program Files\iISystem Wiper\SystemWiper.exe
    C:\Program Files\chello\ChelloMessenger.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\AVPersonal\AVSched32.EXE
    C:\Program Files\Nuria\Nuria.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\WINDOWS\system32\ntcpl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Spyware Doctor\spydoctor.exe
    C:\Program Files\Dataverbruik\dataverbruik.exe
    C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
    C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Philex Enterprises\Philex Atomic Time\Time.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
    C:\Program Files\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://vljbaymqrco.org/abXfrie3nV8d3S2sRm5VcRUhaGn915Y/ljbpdyWstgOtc365QZKuaIJjcM6nEN6a.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.megasellers.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/EnterOne/Portal/portal.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ams.chello.nl:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {10356B4C-6685-FEE0-58D4-EFB9846F2E6F} - C:\PROGRA~1\MAGSBR~1\win support.exe (file missing)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {4BF69EEA-FB5B-FAB8-0EED-F45F40BAB6A3} - C:\DOCUME~1\AMDATH~1\APPLIC~1\MAGSBR~1\win support.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\PROGRA~1\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
    O4 - HKLM\..\Run: [ChelloBackground] C:\Program Files\chello\ChelloMessenger.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Time settings bags city] C:\Documents and Settings\All Users\Application Data\Dalesofttimesettings\cdrom does.exe
    O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
    O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
    O4 - HKLM\..\Run: [ChelloDesktop] C:\Program Files\chello\ChelloDesktop.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [NvCplD] C:\WINDOWS\system32\ntcpl.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
    O4 - HKCU\..\Run: [Filehand Search] C:\Program Files\Filehand Search\Filehand Search.exe -auto
    O4 - HKCU\..\Run: [Online Ooze] C:\DOCUME~1\AMDATH~1\APPLIC~1\GREATJ~1\TwoRoad.exe
    O4 - HKCU\..\Run: [dataverbruik] C:\Program Files\Dataverbruik\dataverbruik.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: eFax Live Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
    O4 - Global Startup: eFax Tray Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
    O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Philex Atomic Time.lnk = C:\Program Files\Philex Enterprises\Philex Atomic Time\Time.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
    O9 - Extra button: (no name) - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} - (no file)
    O9 - Extra button: (no name) - {6A0426D1-0FF2-49a0-ABC2-05B67826C727} - (no file)
    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.megasellers.nl
    O16 - DPF: ChatSpace Full Java Client 2.1.0.89 - http://213.133.40.11:8000/Java/cs4fs089.cab
    O16 - DPF: ChatSpace Java Client 2.1.0.86 - http://chat.kidsonline.nl/Java/cs4ms086.cab
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://quickfix.chello.nl/sdccommon/download/tgctlsi.cab
    O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (chelloInstall.Install) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020909/qtinstall.info.apple.com/sikes/nl/win/QuickTimeInstaller.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,83/mcinsctl.cab
    O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {B817734E-046C-11D3-B674-00104BA25195} - ftp://ftp.mmm.com/pub/psnotes/psnudate.cab
    O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (LaunchApp.clsDefault) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
    O16 - DPF: {E3802230-F0E2-4A75-9947-EAB78DD8153F} (InstallerX Class) - http://www.euroklik.nl/cab/EasyWebInstaller.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4299/mcfscan.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
    O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: MSI_WLAN_Service - Unknown - C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    Labels: Geen
      • Citaat
    • #2
      Dag Louwraar,

      Doe eerst het volgende even:


      Ga naar Configuratiescherm -> Software, kijk of de volgende twee programma's in de softwarelijst staan en deïnstalleer die:

      - Messenger Plus. Je hebt Messenger Plus met de sponsor (= spyware) geïnstalleerd. (Eventueel kun je het later, als we klaar zijn met je log, opnieuw installeren maar dan zonder sponsor.)

      - Switch.


      Tijdens het verwijderen van Messenger Plus krijg je waarschijnlijk een venster zoals dit te zien: http://www.msgplus.net/images/sponsor_uninstall.jpg
      Als je dit niet ziet, kijk dan even in de taakbalk. In dat venster typ je de code in die je te zien krijgt en klik op uninstall. Dan gewoon verder de instructies volgen.


      Start vervolgens de pc opnieuw op.

      Maak daarna een nieuw HijackThis-log en plaats dat hier.
        • Citaat

        Comment

        • #3
          het helpt tot nu

          Op jouw advies alles gedaan en de snelkoppelingen en de irritante favorieten zijn weg. Hieronder mijn nieuwe logfile:

          Logfile of HijackThis v1.99.0
          Scan saved at 23:07:51, on 30-12-2004
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\AVPersonal\AVGUARD.EXE
          C:\Program Files\AVPersonal\AVWUPSRV.EXE
          C:\WINDOWS\System32\drivers\CDAC11BA.EXE
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\WINDOWS\Mixer.exe
          C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
          C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
          C:\PROGRA~1\Support.com\bin\tgcmd.exe
          C:\Program Files\iISystem Wiper\SystemWiper.exe
          C:\Program Files\chello\ChelloMessenger.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\Program Files\AVPersonal\AVSched32.EXE
          C:\Program Files\Nuria\Nuria.exe
          C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
          C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
          C:\Program Files\AVPersonal\AVGNT.EXE
          C:\WINDOWS\system32\ctfmon.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\Program Files\Spyware Doctor\spydoctor.exe
          C:\Program Files\Dataverbruik\dataverbruik.exe
          C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
          C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
          C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
          C:\Program Files\Philex Enterprises\Philex Atomic Time\Time.exe
          C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
          C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
          C:\Program Files\SpywareGuard\sgmain.exe
          C:\Program Files\SpywareGuard\sgbhp.exe
          C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\hijackthis.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://njpgtcrajigoxvrrgdjn.us/abXfrie3nV8d3S2sRm5VcRUhaGn915Y/ljbpdyWstgP9n8FkeBK7wYJjcM6nEN6a.html
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.megasellers.nl
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
          R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/EnterOne/Portal/portal.html
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ams.chello.nl:8080
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {10356B4C-6685-FEE0-58D4-EFB9846F2E6F} - C:\PROGRA~1\MAGSBR~1\win support.exe (file missing)
          O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
          O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
          O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
          O4 - HKLM\..\Run: [tgcmd] "C:\PROGRA~1\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
          O4 - HKLM\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
          O4 - HKLM\..\Run: [ChelloBackground] C:\Program Files\chello\ChelloMessenger.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
          O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
          O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
          O4 - HKLM\..\Run: [Time settings bags city] C:\Documents and Settings\All Users\Application Data\Dalesofttimesettings\cdrom does.exe
          O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
          O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
          O4 - HKLM\..\Run: [ChelloDesktop] C:\Program Files\chello\ChelloDesktop.exe
          O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
          O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
          O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
          O4 - HKCU\..\Run: [Filehand Search] C:\Program Files\Filehand Search\Filehand Search.exe -auto
          O4 - HKCU\..\Run: [dataverbruik] C:\Program Files\Dataverbruik\dataverbruik.exe
          O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
          O4 - Global Startup: eFax Live Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
          O4 - Global Startup: eFax Tray Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
          O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
          O4 - Global Startup: Philex Atomic Time.lnk = C:\Program Files\Philex Enterprises\Philex Atomic Time\Time.exe
          O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
          O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
          O9 - Extra button: (no name) - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} - (no file)
          O9 - Extra button: (no name) - {6A0426D1-0FF2-49a0-ABC2-05B67826C727} - (no file)
          O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
          O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O14 - IERESET.INF: START_PAGE_URL=http://www.megasellers.nl
          O16 - DPF: ChatSpace Full Java Client 2.1.0.89 - http://213.133.40.11:8000/Java/cs4fs089.cab
          O16 - DPF: ChatSpace Java Client 2.1.0.86 - http://chat.kidsonline.nl/Java/cs4ms086.cab
          O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
          O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
          O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://quickfix.chello.nl/sdccommon/download/tgctlsi.cab
          O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (chelloInstall.Install) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
          O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
          O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
          O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
          O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020909/qtinstall.info.apple.com/sikes/nl/win/QuickTimeInstaller.exe
          O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,83/mcinsctl.cab
          O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
          O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
          O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
          O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
          O16 - DPF: {B817734E-046C-11D3-B674-00104BA25195} - ftp://ftp.mmm.com/pub/psnotes/psnudate.cab
          O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (LaunchApp.clsDefault) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
          O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
          O16 - DPF: {E3802230-F0E2-4A75-9947-EAB78DD8153F} (InstallerX Class) - http://www.euroklik.nl/cab/EasyWebInstaller.cab
          O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4299/mcfscan.cab
          O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
          O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
          O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
          O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
          O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
          O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
          O23 - Service: MSI_WLAN_Service - Unknown - C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
          O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
            • Citaat

            Comment

            • #4
              1. Scan met HijackThis en vink de volgende items aan:

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://njpgtcrajigoxvrrgdjn.us/abXfr...jcM6nEN6a.html
              R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/EnterOne/Portal/portal.html
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

              O2 - BHO: (no name) - {10356B4C-6685-FEE0-58D4-EFB9846F2E6F} - C:\PROGRA~1\MAGSBR~1\win support.exe (file missing)

              O4 - HKLM\..\Run: [Time settings bags city] C:\Documents and Settings\All Users\Application Data\Dalesofttimesettings\cdrom does.exe

              O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
              O16 - DPF: {E3802230-F0E2-4A75-9947-EAB78DD8153F} (InstallerX Class) - http://www.euroklik.nl/cab/EasyWebInstaller.cab
              O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
              Sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

              2. Herstart de pc in veilige modus.
              Mocht je niet weten hoe dat moet, kijk dan hier even: http://www.virushelp.nl/veilige_modus.htm

              Zorg ervoor dat verborgen bestanden en mappen worden weergegeven.
              Hier kun je lezen hoe dat moet: http://users.telenet.be/marcvn/spyware/1117602.htm

              Verwijder nu, in veilige modus dus, de volgende mappen (indien nog aanwezig):

              C:\Program Files\EnterOne
              C:\Documents and Settings\All Users\Application Data\Dalesofttimesettings

              3. Herstart de pc in 'normale modus'.

              4. Maak een nieuw log en plaats dat hier.
                • Citaat

                Comment

                • #5
                  spyware

                  Alles gedaan wat je zei. Hieronder de nieuwe logfile:

                  Logfile of HijackThis v1.99.0
                  Scan saved at 11:37:05, on 31-12-2004
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\AVPersonal\AVGUARD.EXE
                  C:\Program Files\AVPersonal\AVWUPSRV.EXE
                  C:\WINDOWS\System32\drivers\CDAC11BA.EXE
                  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                  C:\WINDOWS\Mixer.exe
                  C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
                  C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                  C:\PROGRA~1\Support.com\bin\tgcmd.exe
                  C:\Program Files\iISystem Wiper\SystemWiper.exe
                  C:\Program Files\chello\ChelloMessenger.exe
                  C:\Program Files\QuickTime\qttask.exe
                  C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
                  C:\Program Files\AVPersonal\AVSched32.EXE
                  C:\Program Files\Nuria\Nuria.exe
                  C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
                  C:\Program Files\AVPersonal\AVGNT.EXE
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\WINDOWS\system32\RUNDLL32.EXE
                  C:\Program Files\Spyware Doctor\spydoctor.exe
                  C:\Program Files\Dataverbruik\dataverbruik.exe
                  C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
                  C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
                  C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
                  C:\Program Files\Philex Enterprises\Philex Atomic Time\Time.exe
                  C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
                  C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
                  C:\Program Files\SpywareGuard\sgmain.exe
                  C:\Program Files\SpywareGuard\sgbhp.exe
                  C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
                  C:\WINDOWS\System32\nvsvc32.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
                  C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\hijackthis.exe

                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://njpgtcrajigoxvrrgdjn.us/abXfrie3nV8d3S2sRm5VcRUhaGn915Y/ljbpdyWstgP9n8FkeBK7wYJjcM6nEN6a.html
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.megasellers.nl
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ams.chello.nl:8080
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                  O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
                  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                  O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
                  O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
                  O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                  O4 - HKLM\..\Run: [tgcmd] "C:\PROGRA~1\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
                  O4 - HKLM\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
                  O4 - HKLM\..\Run: [ChelloBackground] C:\Program Files\chello\ChelloMessenger.exe
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
                  O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
                  O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
                  O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
                  O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
                  O4 - HKLM\..\Run: [ChelloDesktop] C:\Program Files\chello\ChelloDesktop.exe
                  O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
                  O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
                  O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
                  O4 - HKCU\..\Run: [Filehand Search] C:\Program Files\Filehand Search\Filehand Search.exe -auto
                  O4 - HKCU\..\Run: [dataverbruik] C:\Program Files\Dataverbruik\dataverbruik.exe
                  O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
                  O4 - Global Startup: eFax Live Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
                  O4 - Global Startup: eFax Tray Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
                  O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
                  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                  O4 - Global Startup: Philex Atomic Time.lnk = C:\Program Files\Philex Enterprises\Philex Atomic Time\Time.exe
                  O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
                  O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
                  O9 - Extra button: (no name) - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} - (no file)
                  O9 - Extra button: (no name) - {6A0426D1-0FF2-49a0-ABC2-05B67826C727} - (no file)
                  O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
                  O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O14 - IERESET.INF: START_PAGE_URL=http://www.megasellers.nl
                  O16 - DPF: ChatSpace Full Java Client 2.1.0.89 - http://213.133.40.11:8000/Java/cs4fs089.cab
                  O16 - DPF: ChatSpace Java Client 2.1.0.86 - http://chat.kidsonline.nl/Java/cs4ms086.cab
                  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
                  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
                  O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://quickfix.chello.nl/sdccommon/download/tgctlsi.cab
                  O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (chelloInstall.Install) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
                  O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
                  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
                  O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
                  O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020909/qtinstall.info.apple.com/sikes/nl/win/QuickTimeInstaller.exe
                  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,83/mcinsctl.cab
                  O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
                  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
                  O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
                  O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
                  O16 - DPF: {B817734E-046C-11D3-B674-00104BA25195} - ftp://ftp.mmm.com/pub/psnotes/psnudate.cab
                  O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (LaunchApp.clsDefault) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
                  O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
                  O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4299/mcfscan.cab
                  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
                  O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
                  O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
                  O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
                  O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
                  O23 - Service: MSI_WLAN_Service - Unknown - C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
                  O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                    • Citaat

                    Comment

                    • #6
                      Deze nog even laten fixen:

                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://njpgtcrajigoxvrrgdjn.us/abXf...JjcM6nEN6a.html

                      Dan zou alles weer goed moeten zijn.


                      Als je het echt niet kunt laten Messenger Plus opnieuw te installeren, let dan alsjeblieft goed op dat je het zonder sponsor installeert.
                        • Citaat

                        Comment

                        • #7
                          geweldig

                          Buffy,

                          Je bent geweldig, bedankt voor je fantastische hulp. Hieronder nog 1 keer mijn logfile:

                          Logfile of HijackThis v1.99.0
                          Scan saved at 12:39:15, on 31-12-2004
                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\Explorer.EXE
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\Program Files\AVPersonal\AVGUARD.EXE
                          C:\Program Files\AVPersonal\AVWUPSRV.EXE
                          C:\WINDOWS\System32\drivers\CDAC11BA.EXE
                          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                          C:\WINDOWS\Mixer.exe
                          C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
                          C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                          C:\PROGRA~1\Support.com\bin\tgcmd.exe
                          C:\Program Files\iISystem Wiper\SystemWiper.exe
                          C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
                          C:\Program Files\chello\ChelloMessenger.exe
                          C:\Program Files\QuickTime\qttask.exe
                          C:\Program Files\AVPersonal\AVSched32.EXE
                          C:\Program Files\Nuria\Nuria.exe
                          C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
                          C:\Program Files\AVPersonal\AVGNT.EXE
                          C:\WINDOWS\system32\ctfmon.exe
                          C:\WINDOWS\system32\RUNDLL32.EXE
                          C:\Program Files\Spyware Doctor\spydoctor.exe
                          C:\Program Files\Dataverbruik\dataverbruik.exe
                          C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
                          C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
                          C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
                          C:\Program Files\Philex Enterprises\Philex Atomic Time\Time.exe
                          C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
                          C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
                          C:\Program Files\SpywareGuard\sgmain.exe
                          C:\Program Files\SpywareGuard\sgbhp.exe
                          C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
                          C:\WINDOWS\System32\nvsvc32.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
                          C:\Program Files\hijackthis.exe
                          C:\WINDOWS\system32\wuauclt.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.megasellers.nl
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
                          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ams.chello.nl:8080
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                          O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
                          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                          O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
                          O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
                          O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                          O4 - HKLM\..\Run: [tgcmd] "C:\PROGRA~1\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
                          O4 - HKLM\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
                          O4 - HKLM\..\Run: [ChelloBackground] C:\Program Files\chello\ChelloMessenger.exe
                          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                          O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
                          O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
                          O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
                          O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
                          O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
                          O4 - HKLM\..\Run: [ChelloDesktop] C:\Program Files\chello\ChelloDesktop.exe
                          O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
                          O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
                          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                          O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
                          O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
                          O4 - HKCU\..\Run: [Filehand Search] C:\Program Files\Filehand Search\Filehand Search.exe -auto
                          O4 - HKCU\..\Run: [dataverbruik] C:\Program Files\Dataverbruik\dataverbruik.exe
                          O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
                          O4 - Global Startup: eFax Live Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
                          O4 - Global Startup: eFax Tray Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
                          O4 - Global Startup: Herinneringen van Microsoft Works Agenda.lnk = ?
                          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                          O4 - Global Startup: Philex Atomic Time.lnk = C:\Program Files\Philex Enterprises\Philex Atomic Time\Time.exe
                          O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
                          O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
                          O9 - Extra button: (no name) - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} - (no file)
                          O9 - Extra button: (no name) - {6A0426D1-0FF2-49a0-ABC2-05B67826C727} - (no file)
                          O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
                          O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
                          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O14 - IERESET.INF: START_PAGE_URL=http://www.megasellers.nl
                          O16 - DPF: ChatSpace Full Java Client 2.1.0.89 - http://213.133.40.11:8000/Java/cs4fs089.cab
                          O16 - DPF: ChatSpace Java Client 2.1.0.86 - http://chat.kidsonline.nl/Java/cs4ms086.cab
                          O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
                          O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
                          O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://quickfix.chello.nl/sdccommon/download/tgctlsi.cab
                          O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (chelloInstall.Install) - http://quickfix2.chello.nl/quickfix2/asp/chelloInstall.CAB
                          O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
                          O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
                          O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
                          O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020909/qtinstall.info.apple.com/sikes/nl/win/QuickTimeInstaller.exe
                          O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,83/mcinsctl.cab
                          O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
                          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
                          O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
                          O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
                          O16 - DPF: {B817734E-046C-11D3-B674-00104BA25195} - ftp://ftp.mmm.com/pub/psnotes/psnudate.cab
                          O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (LaunchApp.clsDefault) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
                          O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
                          O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4299/mcfscan.cab
                          O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
                          O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
                          O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
                          O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
                          O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
                          O23 - Service: MSI_WLAN_Service - Unknown - C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
                          O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                            • Citaat

                            Comment

                            • #8
                              Dat log is schoon.
                                • Citaat

                                Comment

                                Vorige template Volgende
                                Sorry, you are not authorized to view this page
                                Working...
                                X
                                😀
                                🥰
                                🤢
                                😎
                                😡
                                👍
                                👎