Tweet
Zwaar irritante Spyware achtige zooi :(
Een HijackThis List van mij:
Logfile of HijackThis v1.99.0
Scan saved at 6:32:06 PM, on 12/31/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HHVcdV6Sys\VC6SecS.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HHVcdV6Sys\VC6Play.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Virtual CD v6\System\VC6Tray.exe
C:\WINDOWS\system32\?hkdsk.exe
C:\Documents and Settings\Rob\Application Data\sawt.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Winamp\winamp.exe
C:\Downloads\hijackthis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\mIRC\mirc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.alcatel.com/consumer/dsl/
R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {50CEBC23-28E8-7948-9868-2CA71D3F92C9} - C:\WINDOWS\System32\lrfpbq.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [VC6Player] C:\Program Files\HHVcdV6Sys\VC6Play.exe
O4 - HKLM\..\Run: [7uC4qd] C:\WINDOWS\onjab.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\hhnt.exe
O4 - HKCU\..\Run: [Lroe] C:\Documents and Settings\Rob\Application Data\sawt.exe
O4 - HKCU\..\Run: [Owic] C:\WINDOWS\System32\?hkdsk.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - Startup: Shortcut to i-Speeder.exe.lnk = C:\Program Files\MSI\i-Speeder\i-Speeder.exe
O4 - Global Startup: FuzzyLogic4.lnk = C:\Program Files\MSI\FuzzyLogic4\FuzzyLogic4.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: (HKLM)
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1462E83-481D-4D88-BBF5-540E65DD29FA}: NameServer = 195.121.1.34 195.121.1.66
O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - C:\WINDOWS\System32\Peeeekcc.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual CD v6 Management Service - H+H Software GmbH - C:\Program Files\HHVcdV6Sys\VC6SecS.exe
Het probleem wat ik heb is als volgt:
1: Er komt om de zoveel tijd een internet browser pop up uit het niets met de website van www.buldog-search.com en kan nergens vinden waar ik dit uitgezet krijg
.
2: Er komt steeds een klein install schermpje met daarin "installing ...... bla bla" en daarna meteen nog een schermpje met daarin "Select your country" een soort van Dialer install/verbindings programmaatje denk ik :S.
Iemand enig idee hoe ik dit opgelost krijg?
Vriendelijke Groet MnC
Logfile of HijackThis v1.99.0
Scan saved at 6:32:06 PM, on 12/31/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HHVcdV6Sys\VC6SecS.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HHVcdV6Sys\VC6Play.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Virtual CD v6\System\VC6Tray.exe
C:\WINDOWS\system32\?hkdsk.exe
C:\Documents and Settings\Rob\Application Data\sawt.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Winamp\winamp.exe
C:\Downloads\hijackthis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\mIRC\mirc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.alcatel.com/consumer/dsl/
R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {50CEBC23-28E8-7948-9868-2CA71D3F92C9} - C:\WINDOWS\System32\lrfpbq.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [VC6Player] C:\Program Files\HHVcdV6Sys\VC6Play.exe
O4 - HKLM\..\Run: [7uC4qd] C:\WINDOWS\onjab.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\hhnt.exe
O4 - HKCU\..\Run: [Lroe] C:\Documents and Settings\Rob\Application Data\sawt.exe
O4 - HKCU\..\Run: [Owic] C:\WINDOWS\System32\?hkdsk.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - Startup: Shortcut to i-Speeder.exe.lnk = C:\Program Files\MSI\i-Speeder\i-Speeder.exe
O4 - Global Startup: FuzzyLogic4.lnk = C:\Program Files\MSI\FuzzyLogic4\FuzzyLogic4.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: (HKLM)
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1462E83-481D-4D88-BBF5-540E65DD29FA}: NameServer = 195.121.1.34 195.121.1.66
O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - C:\WINDOWS\System32\Peeeekcc.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual CD v6 Management Service - H+H Software GmbH - C:\Program Files\HHVcdV6Sys\VC6SecS.exe
Het probleem wat ik heb is als volgt:
1: Er komt om de zoveel tijd een internet browser pop up uit het niets met de website van www.buldog-search.com en kan nergens vinden waar ik dit uitgezet krijg
.2: Er komt steeds een klein install schermpje met daarin "installing ...... bla bla" en daarna meteen nog een schermpje met daarin "Select your country" een soort van Dialer install/verbindings programmaatje denk ik :S.
Iemand enig idee hoe ik dit opgelost krijg?
Vriendelijke Groet MnC
Comment