I would be very happy if someone could help me with this :)
  • I would be very happy if someone could help me with this :)

    Which ones should I remove?

    Logfile of HijackThis v1.99.0
    Scan saved at 1:00:01, on 2-1-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    F:\Program Files\Norton Internet Security\NISUM.EXE
    F:\Program Files\Common Files\Symantec Shared\ccApp.exe
    F:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    F:\Program Files\Common Files\Real\Update_OB\realsched.exe
    F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    F:\Program Files\Norton Internet Security\ccPxySvc.exe
    F:\WINDOWS\system32\crypserv.exe
    F:\Program Files\Norton AntiVirus\navapsvc.exe
    F:\WINDOWS\System32\nvsvc32.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\System32\wuauclt.exe
    F:\WINDOWS\explorer.exe
    f:\progra~1\intern~1\iexplore.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    F:\Program Files\Internet Explorer\IEXPLORE.EXE
    F:\Documents and Settings\Nicky\Bureaublad\hyjack\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.celpvepgfkfueun.com/gYllWVi8FMUjCwnGVJfEbFE2VjlX96dGmhDy2kOz6GMMrQuxkrzHkw9A7/49lNwn.cgi
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.magicfm.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.xxxs.nl/xxxs.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - F:\PROGRA~1\DAP\dapbho.dll
    O2 - BHO: (no name) - {002B5A62-0DE9-9F63-7A29-928BBA0E3DAF} - F:\DOCUME~1\Nicky\APPLIC~1\gramcompwindow\meal aim.exe
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - F:\PROGRA~1\DAP\dapiebar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [ccApp] F:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RegKillElbyCheck] "F:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [vlqjymbsguuy] F:\WINDOWS\System32\pexxmsfs.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SymNetDrv\SNDMon.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [creative surf rect curb] F:\Documents and Settings\All Users\Application Data\Dog Bold Creative Surf\01 idol.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SymNetDrv\SNDMon.exe
    O4 - HKCU\..\Run: [Plus Option] F:\DOCUME~1\Nicky\APPLIC~1\Active great five\barbpoke.exe
    O4 - Startup: Snelkoppeling naar UITLAAT.lnk = F:\Documents and Settings\Nicky\Bureaublad\UITLAAT.txt
    O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Download with &DAP - F:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - F:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - F:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab
    O23 - Service: Symantec Event Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service - Symantec Corporation - F:\Program Files\Norton Internet Security\ccPxySvc.exe
    O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
    O23 - Service: Macromedia Licensing Service - Unknown - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - F:\Program Files\Norton Internet Security\NISUM.EXE
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Thanks in advance

    [It's mainly about that searchweb2.com junk; maybe someone else has already had this problem and you could give me the link to that forum]

  • #2
    [EDIT]Message removed.[/EDIT]
    Last edited by Buffy; 02-01-05, 14:15.



    • #3
      I removed your previous message, because:

      "Kicking" a topic, i.e. posting to bring the topic back to attention, is allowed provided there are at least 72 hours (3 days) between the kick and the previous post. The people on this forum have a private life too. Please take that into account. We all do this voluntarily to help you. This will be enforced very strictly. We know you have a problem and want a solution quickly, but "jumping the queue" and getting angry is simply rude and not proper. We do our best to help everyone as quickly as possible. If your topic is still unanswered after these 72 hours, it may have been overlooked by accident. Then you may "kick" it.


      Please wait patiently until your log has been looked at. You are not the only one with annoying problems on the PC.



      • #4
        It has been 2 weeks already



        • #5
          Apologies, your log was overlooked.

          Would you make a new log and post it here? A lot can change in two weeks. I will then try to look at it as soon as possible.



          • #6
            I believe I'm rid of that searchweb2.com, because it no longer bothers me, unless you still see traces of it.

            My problem now is that when I right-click on, for example, an image, my desktop [explorer] shuts down and restarts, and this also happens in folders.

            I hope you have a solution.






            Logfile of HijackThis v1.99.0
            Scan saved at 17:38:09, on 7-1-2005
            Platform: Windows XP (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 (6.00.2600.0000)

            Running processes:
            F:\WINDOWS\System32\smss.exe
            F:\WINDOWS\system32\winlogon.exe
            F:\WINDOWS\system32\services.exe
            F:\WINDOWS\system32\lsass.exe
            F:\WINDOWS\system32\svchost.exe
            F:\WINDOWS\System32\svchost.exe
            F:\WINDOWS\system32\spoolsv.exe
            F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            F:\Program Files\Norton Internet Security\NISUM.EXE
            F:\Program Files\Norton Internet Security\ccPxySvc.exe
            F:\WINDOWS\system32\crypserv.exe
            F:\Program Files\Norton AntiVirus\navapsvc.exe
            F:\WINDOWS\System32\nvsvc32.exe
            F:\WINDOWS\System32\svchost.exe
            F:\WINDOWS\Explorer.EXE
            F:\Program Files\Common Files\Symantec Shared\ccApp.exe
            F:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
            F:\Program Files\Common Files\Real\Update_OB\realsched.exe
            F:\Program Files\Messenger Plus! 3\MsgPlus.exe
            F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
            f:\progra~1\intern~1\iexplore.exe
            F:\WINDOWS\System32\wuauclt.exe
            F:\Program Files\MSN Messenger\msnmsgr.exe
            F:\Program Files\Warez P2P Client\warez.exe
            F:\Program Files\Winamp\winamp.exe
            F:\Program Files\Internet Explorer\iexplore.exe
            F:\Documents and Settings\Nicky\Bureaublad\hyjack\hijackthis.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ysqxrhijtnfiujpp.biz/gYllWVi8FMUjCwnGVJfEbFE2VjlX96dGmhDy2kOz6GO_HN1Rr1GBWw9A7/49lNwn.php
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.scooterforum.net/forum/showthread.php?t=64507&page=6&pp=30
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.xxxs.nl/xxxs.asp
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
            O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
            O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
            O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
            O4 - HKLM\..\Run: [ccApp] F:\Program Files\Common Files\Symantec Shared\ccApp.exe
            O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
            O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
            O4 - HKLM\..\Run: [RegKillElbyCheck] "F:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
            O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SymNetDrv\SNDMon.exe
            O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
            O4 - HKLM\..\Run: [vlqjymbsguuy] F:\WINDOWS\System32\pexxmsfs.exe
            O4 - HKLM\..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe
            O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\Messenger Plus! 3\MsgPlus.exe"
            O4 - HKCU\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SymNetDrv\SNDMon.exe
            O4 - HKCU\..\Run: [Plus Option] F:\DOCUME~1\Nicky\APPLIC~1\Active great five\barbpoke.exe
            O4 - Startup: Snelkoppeling naar UITLAAT.lnk = F:\Documents and Settings\Nicky\Bureaublad\UITLAAT.txt
            O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
            O4 - Global Startup: hp psc 1000 series.lnk = ?
            O4 - Global Startup: hpoddt01.exe.lnk = ?
            O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE (file missing)
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE (file missing)
            O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
            O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
            O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
            O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
            O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
            O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
            O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
            O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
            O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab
            O23 - Service: Symantec Event Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            O23 - Service: Symantec Password Validation Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
            O23 - Service: Symantec Proxy Service - Symantec Corporation - F:\Program Files\Norton Internet Security\ccPxySvc.exe
            O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
            O23 - Service: Macromedia Licensing Service - Unknown - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
            O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
            O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - F:\Program Files\Norton Internet Security\NISUM.EXE
            O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
            O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe
            O23 - Service: ScriptBlocking Service - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
            O23 - Service: Symantec Network Drivers Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
            O23 - Service: SymWMI Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



            • #7
              Hi,

              SearchWeb2 (also known as Lop.com) is by no means gone yet. But we are going to change that now:


              1. Scan with HijackThis and check the following items:

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ysqxrhijtnfiujpp.biz/gYll...9A7/49lNwn.php

              O4 - HKLM\..\Run: [vlqjymbsguuy] F:\WINDOWS\System32\pexxmsfs.exe
              O4 - HKCU\..\Run: [Plus Option] F:\DOCUME~1\Nicky\APPLIC~1\Active great five\barbpoke.exe

              O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
              Close all windows except HijackThis itself and click "Fix checked".

              2. Restart the PC in safe mode.
              If you don't know how to do that, take a look here: http://www.virushelp.nl/veilige_modus.htm

              Make sure hidden files and folders are shown.
              You can read how to do that here: http://users.telenet.be/marcvn/spyware/1117602.htm

              Now, still in safe mode, delete the following folder:

              F:\Documents and Settings\Nicky\Application Data\Active great five <- that folder

              3. Restart the PC in 'normal mode'.

              4. Create a new log and post it here.

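A way to check the result of the procedure in post #7 mechanically, as an added example that is not part of the original thread: this Python sketch parses HijackThis entry lines, matches the fix list against the logs taken before and after, and reports which selected entries are gone. The function names are hypothetical, the sample lines are excerpts of the logs and fix list in posts #6 to #8, and the forum's "..." URL shortening is treated as a wildcard.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")


def parse_entries(log_text):
    """Return [(section, body), ...] for every entry line in a HijackThis log."""
    return [m.groups() for m in map(ENTRY_RE.match, log_text.splitlines()) if m]


def matches(selected, entry):
    """Compare a fix-list item with a log entry.

    Forum software shortens long URLs with "...", so a selected item that
    contains "..." is treated as prefix + anything + suffix.
    """
    (sel_sec, sel_body), (sec, body) = selected, entry
    if sel_sec != sec:
        return False
    pattern = ".*".join(re.escape(part) for part in sel_body.split("..."))
    return re.fullmatch(pattern, body) is not None


def check_fix(fix_list, before_log, after_log):
    """Sort every fix-list item into fixed / still_present / not_in_before."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    report = {"fixed": [], "still_present": [], "not_in_before": []}
    for sel in parse_entries(fix_list):
        if any(matches(sel, e) for e in after):
            report["still_present"].append(sel)
        elif any(matches(sel, e) for e in before):
            report["fixed"].append(sel)
        else:
            report["not_in_before"].append(sel)
    return report


def unlisted_changes(fix_list, before_log, after_log):
    """Entries that appeared or vanished between the logs without being on the fix list."""
    selected = parse_entries(fix_list)
    before, after = set(parse_entries(before_log)), set(parse_entries(after_log))
    return sorted(e for e in before ^ after
                  if not any(matches(s, e) for s in selected))


# Excerpt of the log in post #6 (before the fix).
BEFORE = r"""
Logfile of HijackThis v1.99.0
Running processes:
F:\WINDOWS\explorer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ysqxrhijtnfiujpp.biz/gYllWVi8FMUjCwnGVJfEbFE2VjlX96dGmhDy2kOz6GO_HN1Rr1GBWw9A7/49lNwn.php
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vlqjymbsguuy] F:\WINDOWS\System32\pexxmsfs.exe
O4 - HKCU\..\Run: [Plus Option] F:\DOCUME~1\Nicky\APPLIC~1\Active great five\barbpoke.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe
"""

# Excerpt of the log in post #8 (after the fix).
AFTER = r"""
Logfile of HijackThis v1.99.0
Running processes:
F:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe
"""

# The items listed in post #7, with the URLs shortened exactly as the forum shows them.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ysqxrhijtnfiujpp.biz/gYll...9A7/49lNwn.php
O4 - HKLM\..\Run: [vlqjymbsguuy] F:\WINDOWS\System32\pexxmsfs.exe
O4 - HKCU\..\Run: [Plus Option] F:\DOCUME~1\Nicky\APPLIC~1\Active great five\barbpoke.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
"""

if __name__ == "__main__":
    for status, items in check_fix(FIX_LIST, BEFORE, AFTER).items():
        for section, body in items:
            print(f"{status:14} {section} - {body}")
    for section, body in unlisted_changes(FIX_LIST, BEFORE, AFTER):
        print(f"unlisted       {section} - {body}")
```

An entry reported as still_present after a reboot means the registry value or file was written back, so the cleanup is not finished even if the visible symptom has stopped.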


              • #8
                Logfile of HijackThis v1.99.0
                Scan saved at 18:04:15, on 7-1-2005
                Platform: Windows XP (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                Running processes:
                F:\WINDOWS\System32\smss.exe
                F:\WINDOWS\system32\winlogon.exe
                F:\WINDOWS\system32\services.exe
                F:\WINDOWS\system32\lsass.exe
                F:\WINDOWS\system32\svchost.exe
                F:\WINDOWS\System32\svchost.exe
                F:\WINDOWS\system32\spoolsv.exe
                F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                F:\Program Files\Norton Internet Security\NISUM.EXE
                F:\Program Files\Common Files\Symantec Shared\ccApp.exe
                F:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
                F:\Program Files\Norton Internet Security\ccPxySvc.exe
                F:\Program Files\Common Files\Real\Update_OB\realsched.exe
                F:\WINDOWS\system32\crypserv.exe
                F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
                F:\Program Files\Norton AntiVirus\navapsvc.exe
                F:\Program Files\Messenger Plus! 3\MsgPlus.exe
                F:\WINDOWS\System32\nvsvc32.exe
                F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
                F:\WINDOWS\System32\svchost.exe
                F:\WINDOWS\System32\wuauclt.exe
                F:\WINDOWS\explorer.exe
                F:\Documents and Settings\Nicky\Bureaublad\hyjack\hijackthis.exe
                F:\WINDOWS\System32\wuauclt.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.scooterforum.net/forum/showthread.php?t=64507&page=6&pp=30
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.xxxs.nl/xxxs.asp
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
                O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
                O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
                O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
                O4 - HKLM\..\Run: [ccApp] F:\Program Files\Common Files\Symantec Shared\ccApp.exe
                O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
                O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
                O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                O4 - HKLM\..\Run: [RegKillElbyCheck] "F:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
                O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
                O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
                O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SymNetDrv\SNDMon.exe
                O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
                O4 - HKLM\..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe
                O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\Messenger Plus! 3\MsgPlus.exe"
                O4 - HKCU\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SymNetDrv\SNDMon.exe
                O4 - Startup: Snelkoppeling naar UITLAAT.lnk = F:\Documents and Settings\Nicky\Bureaublad\UITLAAT.txt
                O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                O4 - Global Startup: hp psc 1000 series.lnk = ?
                O4 - Global Startup: hpoddt01.exe.lnk = ?
                O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
                O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
                O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE (file missing)
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE (file missing)
                O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
                O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
                O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
                O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
                O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
                O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
                O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
                O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab
                O23 - Service: Symantec Event Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                O23 - Service: Symantec Password Validation Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                O23 - Service: Symantec Proxy Service - Symantec Corporation - F:\Program Files\Norton Internet Security\ccPxySvc.exe
                O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
                O23 - Service: Macromedia Licensing Service - Unknown - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
                O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
                O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - F:\Program Files\Norton Internet Security\NISUM.EXE
                O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
                O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe
                O23 - Service: ScriptBlocking Service - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
                O23 - Service: Symantec Network Drivers Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                O23 - Service: SymWMI Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

                But still that problem with my right mouse button.



                • #9
                  Your log is clean now...



                  • #10
                    OK, thanks
