Strange intruders on my computer!


  • Strange intruders on my computer!

    Moved from the HijackThis section to the HijackThis logs subsection.


    Greetings, specialists

    I am stuck with intruders on my computer that I cannot get rid of, whatever I try.

    Below is the text of my HijackThis log file.

    Can anything be done with it? Hopefully so.

    Logfile of HijackThis v1.99.0
    Scan saved at 9:09:53, on 31/12/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
    C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
    C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\NL\MSNAPPAU.EXE
    C:\PROGRAM FILES\PLAXO\2.0.1.13\INSTALLSTUB.EXE
    C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\DIGITAL IMAGE\MONITOR.EXE
    C:\PROGRAM FILES\TECHSMITH\SNAGIT 7\TSCHELP.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\MSAGENT\AGENTSVR.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    D:\MIJN DOCUMENTEN\MIJN ONTVANGEN BESTANDEN\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pjtloqxiyakwrehtglfavl.com/OVspAV7GG1Rq3i71nZDFcmAwDBhF0fJBIA6EfiZe_dRLjXLZPeTWdQ8OBbGnPLLr.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\PROGRAM FILES\TECHSMITH\SNAGIT 7\SNAGITBHO.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {44E8908C-32EB-DFA3-2DF2-F31E550D1746} - C:\WINDOWS\APPLICATION DATA\CREATIVETHISMULTI\BASH PEAK.EXE
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\PROGRAM FILES\TECHSMITH\SNAGIT 7\SNAGITIEADDIN.DLL
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
    O4 - HKLM\..\Run: [CoalInternetAudioAdmin] C:\WINDOWS\Application Data\iso option coal internet\Gram grey.exe
    O4 - HKLM\..\Run: [Spyware Stormer] C:\PROGRAM FILES\SPYWARE STORMER\SPYWARESTORMER.Exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
    O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.0.1.13\InstallStub.exe -a
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Lies Vga] C:\WINDOWS\APPLIC~1\THEAXIS\OncePlatform.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\RunServices: [PlaxoUpdate] C:\Program Files\Plaxo\2.0.1.13\InstallStub.exe -a
    O4 - HKCU\..\RunServices: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\RunServices: [Lies Vga] C:\WINDOWS\APPLIC~1\THEAXIS\OncePlatform.exe
    O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Microsoft Works Agenda-herinneringen.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
    O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    O4 - Startup: Alcatel Speedtouch Connection.lnk = C:\Program Files\Alcatel\SpeedTouch USB\STDialUp.exe
    O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Digital Image Monitor.lnk = C:\Program Files\Digital Image\Monitor.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\PROGRAM FILES\IRFANVIEW\Ebay\Ebay.htm
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.fujiprint.be/FujiPrint/usercontrols/part/upload/XUpload.ocx
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL

    With many thanks.
    nIh1IlO
    Last edited by Buffy; 31-12-04, 09:42.

  • #2
    Hi Nihillo,

    Uninstall SpywareStormer; it is on the list of rogue anti-spyware programs: http://www.spywarewarrior.com/rogue_anti-spyware.htm

    1. Check the following lines in HijackThis:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pjtloqxiyakwrehtglfavl.co...OBbGnPLLr.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: (no name) - {44E8908C-32EB-DFA3-2DF2-F31E550D1746} - C:\WINDOWS\APPLICATION DATA\CREATIVETHISMULTI\BASH PEAK.EXE

    O4 - HKLM\..\Run: [CoalInternetAudioAdmin] C:\WINDOWS\Application Data\iso option coal internet\Gram grey.exe
    O4 - HKLM\..\Run: [Spyware Stormer] C:\PROGRAM FILES\SPYWARE STORMER\SPYWARESTORMER.Exe
    O4 - HKCU\..\Run: [Lies Vga] C:\WINDOWS\APPLIC~1\THEAXIS\OncePlatform.exe
    O4 - HKCU\..\RunServices: [Lies Vga] C:\WINDOWS\APPLIC~1\THEAXIS\OncePlatform.exe

    2. Close all other windows and browsers, and click the “Fix Checked” button.

    3. Restart in safe mode.
    Make sure hidden files and folders are visible: Explorer > Tools > Folder Options > View tab > scroll down and tick the box for "Show hidden files and folders".

    4. Go to Windows Explorer (right-click Start - Explore). Find and delete the following:
    Folders:
    C:\WINDOWS\Application Data\CREATIVETHISMULTI
    C:\WINDOWS\Application Data\THEAXIS
    C:\WINDOWS\Application Data\iso option coal internet

    5. Restart in normal mode, create a new log with HijackThis, and post it here

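
The triage in the reply above, together with the comparison across the logs posted later in this thread, as an added example (not code from the forum or from HijackThis). The three flagging rules and the `TRUSTED_HOSTS` allow-list are assumptions of this example, and the sample lines are constructed excerpts modelled on the posted logs, with placeholder URLs.

```python
import re
from urllib.parse import urlparse

# Constructed excerpts modelled on the three logs posted in this thread;
# the *.example.invalid URLs are placeholders, not values from the logs.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://a.example.invalid/x.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {44E8908C-32EB-DFA3-2DF2-F31E550D1746} - C:\WINDOWS\APPLICATION DATA\CREATIVETHISMULTI\BASH PEAK.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CoalInternetAudioAdmin] C:\WINDOWS\Application Data\iso option coal internet\Gram grey.exe
O4 - HKCU\..\Run: [Lies Vga] C:\WINDOWS\APPLIC~1\THEAXIS\OncePlatform.exe
"""
LOG_AFTER_FIX = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://b.example.invalid/x.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
"""
LOG_THREE_DAYS_LATER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://c.example.invalid/x.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://d.example.invalid/M.htm
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {44E8908C-32EB-DFA3-2DF2-F31E550D1746} - C:\WINDOWS\APPLICATION DATA\CREATIVETHISMULTI\BASH PEAK.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CoalInternetAudioAdmin] C:\WINDOWS\Application Data\iso option coal internet\MeowSecond.exe
O4 - HKCU\..\Run: [Lies Vga] C:\WINDOWS\APPLIC~1\THEAXIS\OncePlatform.exe
"""

ENTRY_RE = re.compile(r"^\s*([RO]\d+)\s+-\s+(.*)$")
# Long and 8.3 short form of the per-user data folder seen in the logs.
USER_DATA_RE = re.compile(r"\\(?:APPLICATION DATA|APPLIC~\d)\\", re.I)
TRUSTED_HOSTS = {"www.google.be"}  # assumption: hosts the user set on purpose


def parse_entries(log_text):
    """Return (section, body) for every R*/O* line; headers are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def reasons(section, body):
    """Heuristic reasons (assumptions of this example) to review an entry."""
    out = []
    if section in ("O2", "O4") and USER_DATA_RE.search(body):
        out.append("loads from Application Data")
    if section == "O2" and body.upper().endswith(".EXE"):
        out.append("BHO module is an .EXE, not a DLL/OCX")
    if section in ("R0", "R1") and "=" in body:
        value = body.split("=", 1)[1].strip()
        if value.lower().startswith(("http://", "https://")):
            host = urlparse(value).hostname or ""
            if host not in TRUSTED_HOSTS:
                out.append("IE page points at unlisted host " + host)
    return out


def identity(section, body):
    """Key that survives a renamed file or a changed URL between scans."""
    if section == "O4":
        m = re.match(r"(.*?\[[^\]]*\])", body)  # autorun key + [value name]
        if m:
            return (section, m.group(1).upper())
    if section == "O2":
        m = re.search(r"\{[0-9A-Fa-f-]{36}\}", body)  # the BHO's CLSID
        if m:
            return (section, m.group(0).upper())
    if section in ("R0", "R1"):
        return ("R", body.split("=", 1)[0].strip().upper())
    return (section, body.upper())


def flagged(log_text):
    """Map identity -> reasons for every entry that trips a heuristic."""
    result = {}
    for section, body in parse_entries(log_text):
        why = reasons(section, body)
        if why:
            result[identity(section, body)] = why
    return result


def reappeared(before, after, later):
    """Flagged entries that were gone after the fix but are back later."""
    b, a, l = flagged(before), flagged(after), flagged(later)
    return sorted(k for k in b if k not in a and k in l)


if __name__ == "__main__":
    for key in reappeared(LOG_BEFORE, LOG_AFTER_FIX, LOG_THREE_DAYS_LATER):
        print("came back:", key)
```

Keying autoruns on the Run value name and BHOs on the CLSID is what lets an entry whose executable was renamed between scans count as the same entry.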


    • #3
      Intruders gone

      Greetings Hans

      heartfelt thanks for:
      1. the accurate analysis
      2. the solution you put forward.

      I followed and carried out all the instructions carefully, and the 'intruder problem' is gone!
      As proof of the actions I took, the requested log follows below.

      A big thank-you and a prosperous 2005!

      Logfile of HijackThis v1.99.0
      Scan saved at 21:04:22, on 31/12/04
      Platform: Windows 98 SE (Win9x 4.10.2222A)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\SYSTEM\KERNEL32.DLL
      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
      C:\WINDOWS\SYSTEM\MPREXE.EXE
      C:\WINDOWS\SYSTEM\MSTASK.EXE
      C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
      C:\WINDOWS\SYSTEM\mmtask.tsk
      C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
      C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
      C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
      C:\WINDOWS\SYSTEM\MDM.EXE
      C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
      C:\WINDOWS\EXPLORER.EXE
      C:\WINDOWS\SYSTEM\RPCSS.EXE
      C:\WINDOWS\SYSTEM\RNAAPP.EXE
      C:\WINDOWS\SYSTEM\TAPISRV.EXE
      C:\WINDOWS\TASKMON.EXE
      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
      C:\WINDOWS\STARTER.EXE
      C:\WINDOWS\LOADQM.EXE
      C:\WINDOWS\SYSTEM\STIMON.EXE
      C:\WINDOWS\SYSTEM\QTTASK.EXE
      C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
      C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
      C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
      C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
      C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
      C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
      C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\NL\MSNAPPAU.EXE
      C:\WINDOWS\SYSTEM\DDHELP.EXE
      C:\PROGRAM FILES\PLAXO\2.0.1.13\INSTALLSTUB.EXE
      C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
      C:\WINDOWS\SYSTEM\SPOOL32.EXE
      C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
      C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
      C:\WINDOWS\SYSTEM\WMIEXE.EXE
      C:\PROGRAM FILES\DIGITAL IMAGE\MONITOR.EXE
      C:\PROGRAM FILES\TECHSMITH\SNAGIT 7\TSCHELP.EXE
      C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
      C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
      C:\WINDOWS\SYSTEM\PSTORES.EXE
      C:\WINDOWS\MSAGENT\AGENTSVR.EXE
      C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
      D:\MIJN DOCUMENTEN\MIJN ONTVANGEN BESTANDEN\HIJACKTHIS.EXE

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sjajjxbjjkketep.com/OVspAV7GG1Rq3i71nZDFcmAwDBhF0fJBIA6EfiZe_dR9NMSrTpI8Zw8OBbGnPLLr.jpg
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
      O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
      O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\PROGRAM FILES\TECHSMITH\SNAGIT 7\SNAGITBHO.DLL
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
      O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\PROGRAM FILES\TECHSMITH\SNAGIT 7\SNAGITIEADDIN.DLL
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
      O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
      O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
      O4 - HKLM\..\Run: [LoadQM] loadqm.exe
      O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
      O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
      O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
      O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
      O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
      O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
      O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
      O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
      O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
      O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
      O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
      O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
      O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
      O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.0.1.13\InstallStub.exe -a
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Startup: Microsoft Works Agenda-herinneringen.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
      O4 - Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
      O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
      O4 - Startup: Alcatel Speedtouch Connection.lnk = C:\Program Files\Alcatel\SpeedTouch USB\STDialUp.exe
      O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: Digital Image Monitor.lnk = C:\Program Files\Digital Image\Monitor.exe
      O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
      O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
      O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
      O8 - Extra context menu item: Koppelingspagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
      O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\PROGRAM FILES\IRFANVIEW\Ebay\Ebay.htm
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
      O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
      O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
      O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.fujiprint.be/FujiPrint/usercontrols/part/upload/XUpload.ocx
      O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
      O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL

      Wishing you many more successful rescue operations!

      Thanks

      nIh1IlO
      Last edited by nIh1IlO; 01-01-05, 14:49.



      • #4
        Just fix this one line and your log is clean again:

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.sjajjxbjjkketep.com/OVsp...w8OBbGnPLLr.jpg



        • #5
          Hello Hans

          will be done, and once again many thanks for the service!

          Regards

          nIh1IlO



          • #6
            Hello specialist

            exactly three days have now passed, and I had the same problem again last Sunday evening. This morning I applied the procedure as described.
            An hour later it hit me again: so 3 times in as many days.
            All this 'stuff' is driving me crazy. How do I prevent all this junk?
            May I apply the same procedure again and send the log for checking?

            Kind regards

            nIh1IlO



            • #7
              You may post a new log. Have a look at this page on preventing that junk: http://www.nucia.eu/main/spyware_hoevoorkom.html



              • #8
                Hello Hans

                sorry for the 'disturbance'.
                I stick to the strictest possible rules when it comes to surfing.
                This afternoon it happened to me again; it even happened while I was visiting the helpmij forum.
                Below I am sending the log file of my 'HijackThis operation'.
                I am indeed considering giving up IE and switching to Firefox.

                Thanks again in advance.

                Regards from

                nIh1IlO

                Logfile of HijackThis v1.99.0
                Scan saved at 16:13:15, on 3/01/05
                Platform: Windows 98 SE (Win9x 4.10.2222A)
                MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                Running processes:
                C:\WINDOWS\SYSTEM\KERNEL32.DLL
                C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                C:\WINDOWS\SYSTEM\MPREXE.EXE
                C:\WINDOWS\SYSTEM\mmtask.tsk
                C:\WINDOWS\SYSTEM\MSTASK.EXE
                C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
                C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
                C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
                C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
                C:\WINDOWS\SYSTEM\MDM.EXE
                C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
                C:\WINDOWS\EXPLORER.EXE
                C:\WINDOWS\SYSTEM\RPCSS.EXE
                C:\WINDOWS\SYSTEM\RNAAPP.EXE
                C:\WINDOWS\SYSTEM\TAPISRV.EXE
                C:\WINDOWS\TASKMON.EXE
                C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                C:\WINDOWS\STARTER.EXE
                C:\WINDOWS\LOADQM.EXE
                C:\WINDOWS\SYSTEM\STIMON.EXE
                C:\WINDOWS\SYSTEM\QTTASK.EXE
                C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
                C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
                C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
                C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
                C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
                C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
                C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\NL\MSNAPPAU.EXE
                C:\PROGRAM FILES\PLAXO\2.0.1.13\INSTALLSTUB.EXE
                C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
                C:\WINDOWS\SYSTEM\DDHELP.EXE
                C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
                C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
                C:\WINDOWS\SYSTEM\SPOOL32.EXE
                C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
                C:\PROGRAM FILES\DIGITAL IMAGE\MONITOR.EXE
                C:\WINDOWS\SYSTEM\WMIEXE.EXE
                C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
                C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
                C:\WINDOWS\SYSTEM\PSTORES.EXE
                C:\WINDOWS\MSAGENT\AGENTSVR.EXE
                C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
                C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
                C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
                D:\MIJN DOCUMENTEN\MIJN ONTVANGEN BESTANDEN\HIJACKTHIS.EXE

                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lievblzuhyfilnllam.us/OVspAV7GG1Rq3i71nZDFcmAwDBhF0fJBIA6EfiZe_dSuI7M7I4M_Nw8OBbGnPLLr.html
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zzaovndhuoepxw.com/OVspAV7GG1QGUCON4Ycs//Tc6OaJw0_b_tR5tBCQP/M.htm
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
                O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
                O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\PROGRAM FILES\TECHSMITH\SNAGIT 7\SNAGITBHO.DLL
                O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
                O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
                O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                O2 - BHO: (no name) - {44E8908C-32EB-DFA3-2DF2-F31E550D1746} - C:\WINDOWS\APPLICATION DATA\CREATIVETHISMULTI\BASH PEAK.EXE
                O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
                O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
                O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\PROGRAM FILES\TECHSMITH\SNAGIT 7\SNAGITIEADDIN.DLL
                O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
                O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
                O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
                O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
                O4 - HKLM\..\Run: [LoadQM] loadqm.exe
                O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
                O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
                O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
                O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
                O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
                O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
                O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
                O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
                O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
                O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
                O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
                O4 - HKLM\..\Run: [CoalInternetAudioAdmin] C:\WINDOWS\Application Data\iso option coal internet\MeowSecond.exe
                O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
                O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
                O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
                O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
                O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
                O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
                O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
                O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
                O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
                O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.0.1.13\InstallStub.exe -a
                O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
                O4 - HKCU\..\Run: [Lies Vga] C:\WINDOWS\APPLIC~1\THEAXIS\OncePlatform.exe
                O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                O4 - Startup: Microsoft Works Agenda-herinneringen.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
                O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
                O4 - Startup: Alcatel Speedtouch Connection.lnk = C:\Program Files\Alcatel\SpeedTouch USB\STDialUp.exe
                O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                O4 - Startup: Digital Image Monitor.lnk = C:\Program Files\Digital Image\Monitor.exe
                O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
                O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
                O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
                O8 - Extra context menu item: Koppelingspagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
                O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\PROGRAM FILES\IRFANVIEW\Ebay\Ebay.htm
                O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
                O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
                O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
                O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
                O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
                O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
                O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.fujiprint.be/FujiPrint/usercontrols/part/upload/XUpload.ocx
                O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL

                Comment


                • #9
                  Hi Nihillo,

                  From now on, stay away from MSN Plus (and uninstall it too), because MSN Plus caused the junk that is currently on your PC...

                  1. Check the lines below in HijackThis:

                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lievblzuhyfilnllam.us/OVs...OBbGnPLLr.html
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zzaovndhuoepxw.com/OVspAV...tR5tBCQP/M.htm

                  O2 - BHO: (no name) - {44E8908C-32EB-DFA3-2DF2-F31E550D1746} - C:\WINDOWS\APPLICATION DATA\CREATIVETHISMULTI\BASH PEAK.EXE

                  O4 - HKLM\..\Run: [CoalInternetAudioAdmin] C:\WINDOWS\Application Data\iso option coal internet\MeowSecond.exe
                  O4 - HKCU\..\Run: [Lies Vga] C:\WINDOWS\APPLIC~1\THEAXIS\OncePlatform.exe
                  2. Close all other windows and browsers, and click the “Fix Checked” button.

                  3. Restart in safe mode.
                  Make sure hidden files and folders are visible: Explorer > Tools > Folder Options > View tab > scroll down and tick the box for "Show hidden files and folders".

                  4. Go to Windows Explorer (right-click Start - Explore). Find and delete the following:
                  Folders:
                  C:\WINDOWS\Application Data\iso option coal internet
                  C:\WINDOWS\Application Data\THEAXIS
                  C:\WINDOWS\Application Data\CREATIVETHISMULTI

                  5. Restart in normal mode, create a new log with HijackThis, and post it here

                  Comment


                  • #10


                    Hello Hans

                    once again, many thanks for your help.
                    I have removed MSN Plus and carried out what you suggested.
                    I have also installed Firefox.
                    However, I have run into a new little problem: I can no longer log in to my bank for online transactions and/or account lookups.
                    The response I get is that the Java software cannot be found. Yet I did download it from the bank's site, namely the software for web browsers other than IE.
                    Do you know a solution for that too?

                    I am adding my log below.

                    Kind regards from

                    nIh1IlO

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
                    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
                    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\PROGRAM FILES\TECHSMITH\SNAGIT 7\SNAGITBHO.DLL
                    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
                    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
                    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
                    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
                    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
                    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\PROGRAM FILES\TECHSMITH\SNAGIT 7\SNAGITIEADDIN.DLL
                    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\NL\MSNTB.DLL
                    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
                    O4 - HKLM\..\Run: [Taakcontrole] c:\windows\taskmon.exe
                    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
                    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
                    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
                    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
                    O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
                    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
                    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
                    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
                    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
                    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
                    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
                    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                    O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
                    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
                    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
                    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
                    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
                    O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
                    O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
                    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
                    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.0.1.13\InstallStub.exe -a
                    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
                    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
                    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                    O4 - Startup: Microsoft Works Agenda-herinneringen.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
                    O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
                    O4 - Startup: Alcatel Speedtouch Connection.lnk = C:\Program Files\Alcatel\SpeedTouch USB\STDialUp.exe
                    O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                    O4 - Startup: Digital Image Monitor.lnk = C:\Program Files\Digital Image\Monitor.exe
                    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
                    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
                    O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
                    O8 - Extra context menu item: Koppelingspagina's - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
                    O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\PROGRAM FILES\IRFANVIEW\Ebay\Ebay.htm
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
                    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
                    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
                    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
                    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
                    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
                    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
                    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.fujiprint.be/FujiPrint/usercontrols/part/upload/XUpload.ocx
                    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL

                    Comment


                    • #11
                      You mean that you cannot get onto the bank site with Firefox, but you can with IE? Then you will just have to do your banking with IE. In any case, your log is clean again

                      Comment
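The before/after check that the helper does by eye on the two logs can be scripted. The following is an added example, not part of the original thread: it parses HijackThis entries and compares the follow-up log against the first log and the fix list. The function names and result buckets are assumptions, and the sample lines are a trimmed selection copied from the logs above.

```python
import re

# One HijackThis entry per line: "<section> - <detail>", e.g. "O4 - HKCU\..\Run: [x] path"
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_log(text):
    """Return {(section, detail)}; detail is case-folded because Windows paths are
    case-insensitive, so a case change between scans is not a real change."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:  # header and "Running processes" lines do not match and are skipped
            entries.add((m.group(1), m.group(2).casefold()))
    return entries

def verify_fix(before, after, fix_list):
    """Check a follow-up log against the original log and the helper's fix list."""
    b, a, f = parse_log(before), parse_log(after), parse_log(fix_list)
    return {
        "still_present": sorted(f & a),          # fixed entry came back or never left
        "not_in_before": sorted(f - b),          # fix list names something never logged
        "removed_unasked": sorted((b - a) - f),  # gone, but not via the fix list
        "new_entries": sorted(a - b),            # appeared after cleanup: review these
    }

# Sample input: a few lines copied from the thread's logs and fix list (trimmed).
FIX = r"""
O2 - BHO: (no name) - {44E8908C-32EB-DFA3-2DF2-F31E550D1746} - C:\WINDOWS\APPLICATION DATA\CREATIVETHISMULTI\BASH PEAK.EXE
O4 - HKLM\..\Run: [CoalInternetAudioAdmin] C:\WINDOWS\Application Data\iso option coal internet\MeowSecond.exe
O4 - HKCU\..\Run: [Lies Vga] C:\WINDOWS\APPLIC~1\THEAXIS\OncePlatform.exe
"""
BEFORE = FIX + r"""
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
"""
AFTER = r"""
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
"""

if __name__ == "__main__":
    for bucket, items in verify_fix(BEFORE, AFTER, FIX).items():
        print(bucket)
        for section, detail in items:
            print("   ", section, "-", detail)
```

An empty `still_present` bucket is the scripted equivalent of a clean follow-up log; anything in `new_entries` still needs a human to decide whether it is expected.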


                      • #12
                        Hello Hans

                        indeed, that is what I meant. I also asked the bank, and they do not support Mozilla Firefox, unfortunately.
                        So I will have to go back to IE for my banking after all.

                        By the way, many thanks once again for checking my log!

                        Kind regards from

                        nIh1IlO

                        Comment
