Mededeling

Collapse
No announcement yet.

Ongevraagde icoontjes op bureaublad, die niet te verwijderen zijn...

Collapse
X
Collapse
  •  
  • Page of 1
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    Ongevraagde icoontjes op bureaublad, die niet te verwijderen zijn...

    Verplaatst van HijackThis vragen/problemen naar HijackThis (logs).


    Hallo,
    Op de valreep, nog nèt voor 2005, wil ik graag een beroep op u doen om mij te verlossen van de irritante poker, casino en travel-iconen enz. op mijn bureaublad. Het komt dus veel vaker voor, na verscheidene pagina's te hebben gecheckt op deze site/forum. Kunt u mij helpen? Ik zou u heel erg dankbaar zijn!
    De log volgt hieronder:

    Logfile of HijackThis v1.99.0
    Scan saved at 21:24:51, on 31-12-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\WINDOWS\anvshell.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    C:\Program Files\safe-share\SafeShare.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Safe-Share Downloads\hijackthis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qpqbzdadudngfbcnbjlkmjjn.org/Z41C75v0xSp_FjcS7bEC55d_NtWDZ/O97gml/GlT/yrVqYHh1WooAVGeyTLEpA1K.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hdtwlbsuwqvyaosek.com/Z41C75v0xSoA2sddJVce7G0nn9ydmH8/8MP4d95Bb1Y.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Webflits
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {6C963CDB-8CF3-FE3D-6A5F-862946D98056} - C:\DOCUME~1\GEBRUI~1\APPLIC~1\WINDOW~1\intra drive.exe
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [LiveNote] livenote.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKLM\..\Run: [Unshare] C:\Program Files\safe-share\SafeShare.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [city live move free] C:\Documents and Settings\All Users\Application Data\SixthMemoCityLive\DEBUGPROXY.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Mixglobal] C:\DOCUME~1\GEBRUI~1\APPLIC~1\32clock\Send phone cool.exe
    O4 - Global Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/terraexplorer/install/TEInstallPlugIn.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
    O16 - DPF: {7589EEE6-E336-11D4-8A7E-EE1D971D9B47} - http://secure.aconti.net/acontix/goodthinxx.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.lycos.nl/app/uploader/FileUploader.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: %NVSVC.name% - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    Last edited by Buffy; 31-12-04, 20:42.
    Labels: Geen
      • Citaat
    • #2
      Hoi,

      Je hebt blijkbaar messenger plus met sponsers geïnstalleerd. Dus, ik raad je aan om eerst messenger plus te deïnstalleren. Die kan je wanneer je systeem terug clean is terug installeren, maar deze keer zonder sponsers. (Deze optie kan je kiezen bij het begin van de installatie).

      Tijdens de uninstall ervan zal je een sponservenster krijgen zoals je hier een voorbeeld ziet: http://www.msgplus.net/images/sponsor_uninstall.jpg
      Als je deze niet ziet, kijk dan eens in je taakbar. In dat venster typ je de code in die je te zien krijgt en klik op uninstall.
      Dan gewoon verdere instructies opvolgen die gegeven worden.

      Deïnstalleer ook NewDotNet of NewNet.
      Is die niet aanwezig, kijk of er een uninstaller staat in de map Program Files\NewDotNet.
      Die uninstaller heeft als bestandsnaam uninstall6_38.exe.
      Kan je die uninstaller daar ook niet vinden, kijk dan of er een uninstaller staat in C:\Windows. Die uninstaller heet dan NDNuninstall6_38.exe.
      Vind je die ook niet, dan kun je de volgende uninstaller gebruiken:

      http://www.new.net/support/uninstall6_38.exe


      Reboot daarna je pc en post een nieuw hijackthislogje.
      Microsoft MVP - Consumer Security
      Director of Research @ Malwarebytes
      Mijn Blog
        • Citaat

        Comment

        • #3
          Bedankt!!!

          Wat een genot, om die vervelende dingen niet meer te zien en me er niet aan te ergeren! Geweldig advies, dank u wel! Het jaar begint goed! Groeten! Hieronder de log:
          Logfile of HijackThis v1.99.0
          Scan saved at 16:45:45, on 1-1-2005
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\Program Files\Norton AntiVirus\navapsvc.exe
          C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
          C:\WINDOWS\System32\nvsvc32.exe
          C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
          C:\WINDOWS\anvshell.exe
          C:\WINDOWS\system32\dla\tfswctrl.exe
          C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\Program Files\Winamp\winampa.exe
          C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
          C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
          C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
          C:\Program Files\safe-share\SafeShare.exe
          C:\WINDOWS\Dit.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\WINDOWS\system32\RunDLL32.exe
          C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
          C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
          C:\Program Files\Microsoft Office\Office\OSA.EXE
          C:\WINDOWS\DitExp.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Safe-Share Downloads\hijackthis\hijackthis.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msdtvsivrcaoavqhmc.uk/Z41C75v0xSp_FjcS7bEC55d_NtWDZ/O97gml/GlT/yoTOJGPk5dPF1GeyTLEpA1K.html
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buroblad.cc/index.php?QC=
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Webflits
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
          O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [anvshell] anvshell.exe
          O4 - HKLM\..\Run: [LiveNote] livenote.exe
          O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
          O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
          O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
          O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
          O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
          O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
          O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
          O4 - HKLM\..\Run: [Unshare] C:\Program Files\safe-share\SafeShare.exe
          O4 - HKLM\..\Run: [Dit] Dit.exe
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
          O4 - Global Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
          O4 - Global Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
          O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
          O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/terraexplorer/install/TEInstallPlugIn.cab
          O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
          O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
          O16 - DPF: {7589EEE6-E336-11D4-8A7E-EE1D971D9B47} - http://secure.aconti.net/acontix/goodthinxx.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
          O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.lycos.nl/app/uploader/FileUploader.cab
          O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
          O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
          O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
          O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
          O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
          O23 - Service: %NVSVC.name% - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
          O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
          O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
            • Citaat

            Comment

            • #4
              Ziet er al stukken beter uit..

              Enkel deze futuliteiten nog aanvinken en fixen in hijackthis:

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msdtvsivrcaoavqhmc.uk/Z4...GeyTLEpA1K.html
              O16 - DPF: {7589EEE6-E336-11D4-8A7E-EE1D971D9B47} - http://secure.aconti.net/acontix/goodthinxx.cab

              En dit zou moeten volstaan.
              Microsoft MVP - Consumer Security
              Director of Research @ Malwarebytes
              Mijn Blog
                • Citaat

                Comment

                • #5
                  Bedankt! En zulke snelle hulp! Perfect.
                  De log:

                  Logfile of HijackThis v1.99.0
                  Scan saved at 17:13:56, on 1-1-2005
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                  C:\Program Files\Norton AntiVirus\navapsvc.exe
                  C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
                  C:\WINDOWS\System32\nvsvc32.exe
                  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
                  C:\WINDOWS\anvshell.exe
                  C:\WINDOWS\system32\dla\tfswctrl.exe
                  C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
                  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                  C:\Program Files\Winamp\winampa.exe
                  C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
                  C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
                  C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
                  C:\Program Files\safe-share\SafeShare.exe
                  C:\WINDOWS\Dit.exe
                  C:\Program Files\Messenger Plus! 3\MsgPlus.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\WINDOWS\system32\RunDLL32.exe
                  C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
                  C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
                  C:\Program Files\Microsoft Office\Office\OSA.EXE
                  C:\Program Files\Messenger\msmsgs.exe
                  C:\WINDOWS\DitExp.exe
                  C:\Program Files\Safe-Share Downloads\hijackthis\hijackthis.exe
                  C:\WINDOWS\system32\wuauclt.exe

                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msdtvsivrcaoavqhmc.uk/Z41C75v0xSp_FjcS7bEC55d_NtWDZ/O97gml/GlT/yoTOJGPk5dPF1GeyTLEpA1K.html
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buroblad.cc/index.php?QC=
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Webflits
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                  O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                  O4 - HKLM\..\Run: [anvshell] anvshell.exe
                  O4 - HKLM\..\Run: [LiveNote] livenote.exe
                  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                  O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
                  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                  O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
                  O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
                  O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
                  O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
                  O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
                  O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
                  O4 - HKLM\..\Run: [Unshare] C:\Program Files\safe-share\SafeShare.exe
                  O4 - HKLM\..\Run: [Dit] Dit.exe
                  O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
                  O4 - Global Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
                  O4 - Global Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
                  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                  O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/terraexplorer/install/TEInstallPlugIn.cab
                  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
                  O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
                  O16 - DPF: {7589EEE6-E336-11D4-8A7E-EE1D971D9B47} - http://secure.aconti.net/acontix/goodthinxx.cab
                  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
                  O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.lycos.nl/app/uploader/FileUploader.cab
                  O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
                  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
                  O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                  O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                  O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
                  O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
                  O23 - Service: %NVSVC.name% - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                  O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
                  O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                    • Citaat

                    Comment

                    • #6
                      Hee, de futuliteiten zitten er nog in.....?
                        • Citaat

                        Comment

                        • #7
                          Dit is beter volgens mij.



                          Logfile of HijackThis v1.99.0
                          Scan saved at 17:22:51, on 1-1-2005
                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                          C:\Program Files\Norton AntiVirus\navapsvc.exe
                          C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
                          C:\WINDOWS\System32\nvsvc32.exe
                          C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\Explorer.EXE
                          C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
                          C:\WINDOWS\anvshell.exe
                          C:\WINDOWS\system32\dla\tfswctrl.exe
                          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                          C:\Program Files\Winamp\winampa.exe
                          C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
                          C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
                          C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
                          C:\Program Files\safe-share\SafeShare.exe
                          C:\WINDOWS\Dit.exe
                          C:\Program Files\Messenger Plus! 3\MsgPlus.exe
                          C:\WINDOWS\system32\ctfmon.exe
                          C:\WINDOWS\system32\RunDLL32.exe
                          C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
                          C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
                          C:\Program Files\Microsoft Office\Office\OSA.EXE
                          C:\WINDOWS\DitExp.exe
                          C:\Program Files\MSN Messenger\msnmsgr.exe
                          C:\Program Files\Internet Explorer\iexplore.exe
                          C:\WINDOWS\system32\wuauclt.exe
                          C:\Program Files\Messenger\msmsgs.exe
                          C:\Program Files\Safe-Share Downloads\hijackthis\hijackthis.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buroblad.cc/index.php?QC=
                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Webflits
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                          O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                          O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
                          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                          O4 - HKLM\..\Run: [anvshell] anvshell.exe
                          O4 - HKLM\..\Run: [LiveNote] livenote.exe
                          O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                          O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
                          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                          O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
                          O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
                          O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
                          O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
                          O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
                          O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
                          O4 - HKLM\..\Run: [Unshare] C:\Program Files\safe-share\SafeShare.exe
                          O4 - HKLM\..\Run: [Dit] Dit.exe
                          O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
                          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                          O4 - HKCU\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
                          O4 - Global Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
                          O4 - Global Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
                          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
                          O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                          O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/terraexplorer/install/TEInstallPlugIn.cab
                          O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
                          O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
                          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
                          O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.lycos.nl/app/uploader/FileUploader.cab
                          O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
                          O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
                          O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                          O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                          O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
                          O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
                          O23 - Service: %NVSVC.name% - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
                          O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
                          O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                            • Citaat

                            Comment

                            • #8
                              Idd... maar mijn vraag is nu..
                              heb je toen ook messengerplus gedeïnstalleerd? Want ik zie dat je die inmiddels terug geïnstalleerd hebt..
                              Deïnstaleer het terug en installeer het maar pas opnieuw wanneer je systeem terug helemaal 'clean' is.

                              De voorgaande 'futuliteit' mag je terug fixen.

                              REBOOT daarna je computer en post een nieuw hijackthislogje.
                              Microsoft MVP - Consumer Security
                              Director of Research @ Malwarebytes
                              Mijn Blog
                                • Citaat

                                Comment

                                • #9
                                  Edit... haha.. ja, blijkbaar verkeerde log geplaatst..

                                  Ziet er idd terug goed uit.
                                  Microsoft MVP - Consumer Security
                                  Director of Research @ Malwarebytes
                                  Mijn Blog
                                    • Citaat

                                    Comment

                                    • #10
                                      Nogmaals bedankt voor je hulp!
                                        • Citaat

                                        Comment

                                        • #11
                                          Graag gedaan hoor.
                                          En nu houden zo.
                                          Microsoft MVP - Consumer Security
                                          Director of Research @ Malwarebytes
                                          Mijn Blog
                                            • Citaat

                                            Comment

                                            Vorige template Volgende
                                            Sorry, you are not authorized to view this page
                                            Working...
                                            X
                                            😀
                                            🥰
                                            🤢
                                            😎
                                            😡
                                            👍
                                            👎