Startblad internet

kristof 22 december 2004, 18:00

Ik ben ten einde raad.
Bij het openen van internet altijd een overzichtblad.
Startpagina instelling verandert altijd in blanck.
AD-Aware vindt spyware en wordt verwijderd.
Pandavirusscan vind virussen en worden verwijderd.
Maar het blijft maar terugkomen.
Het valt mij wel op dat het openen van internetexplorer lang duurt.
Graag HULP.
Alvast bedankt.
Kristof

Antwoord niet gevonden? Stel hier je vraag:

M@rc 22 december 2004, 18:14

Download HijackThis.
Unzip het. Sla het bestand op in een eigen map. Niet op je bureaublad of in je Temp-files. HijackThis maakt namelijk backups in de map waar het opgestart wordt.
Run het programma. Klik op scan, save log en sla het log op als een .txt bestand.
Kopieer en plak de volledige inhoud van dit logbestand in je volgende bericht.

kristof 22 december 2004, 18:48

Logfile of HijackThis v1.99.0
Scan saved at 18:46:50, on 22/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\DOCUME~1\Frank\LOCALS~1\Temp\20.tmp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\atljd32.exe
C:\WINDOWS\ieox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Frank\Mijn documenten\Excel7\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.pandora.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.pandora.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {D45F954C-7B53-AE0C-955A-307DD79D8456} - C:\WINDOWS\system32\javayz.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent.exe
O4 - HKLM\..\Run: [20.tmp] C:\DOCUME~1\Frank\LOCALS~1\Temp\20.tmp.exe 0 10001
O4 - HKLM\..\Run: [20.tmp.exe] C:\DOCUME~1\Frank\LOCALS~1\Temp\20.tmp.exe 1 10001
O4 - HKLM\..\Run: [atljd32.exe] C:\WINDOWS\atljd32.exe
O4 - HKLM\..\RunOnce: [ieox.exe] C:\WINDOWS\ieox.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: VanBredaOnline Security Applet - https://www.vanbredaonline.be/applets/ema.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://www.pussyharem.com/stream/mmp.cab
O16 - DPF: {970BF476-3CF2-4572-9EF9-4479E1591DB8} (VacPro.belgio_ver3) - http://ocx2.advnt01.com/dialer/belgio_ver3.CAB
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN_XP.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\syspl32.exe (file missing)

M@rc 22 december 2004, 18:59

Reboot de computer.
Download ServiceFilter.zip.
Unzip het naar je bureaublad zodat je het makkelijk kan terugvinden.
Dubbelklik op ServiceFilter.vbs.
Sommige antivirusprogramma's kunnen een melding geven. Sta toe om dit script uit te voeren.
Er wordt een tekstbestandje geopend dat POST_THIS.TXT noemt.
Kopieer en plak de inhoud van dat tekstbestandje in je volgende post.
Maak een nieuwe HijackThislog en post deze ook.
Vanaf nu laat je niks meer verwijderen door anti-spyware-tools of anti-virusprogramma's.

kristof 22 december 2004, 19:21

Reboot de computer
Wat betekend dit?
Hoe moet ik dit doen?
Ben maar een leek.
Nogmaals dank.
Kristof

M@rc 22 december 2004, 19:23

De computer afsluiten en opnieuw starten.

kristof 22 december 2004, 19:37

The script did not recognize the services listed below.
This does not mean that they are a problem.
To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"
########################################
ServiceFilter 1.1
by rand1038
Microsoft Windows XP Professional
Version: 5.1.2600
dec 22, 2004 19:35:29
---> Begin Service Listing <---
Unknown Service # 1
Service Name: PavPrSrv
Display Name: Panda Process Protection Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\program files\common files\panda software\pavshld\pavprsrv.exe"
State: Running
Process ID: 1880
Started: Waar
Exit Code: 0
Accept Pause: Onwaar
Accept Stop: Onwaar
Unknown Service # 2
Service Name: PAVSRV
Display Name: Panda anti-virus service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\program files\panda software\panda titanium antivirus 2004\pavsrv51.exe"
State: Running
Process ID: 1900
Started: Waar
Exit Code: 0
Accept Pause: Onwaar
Accept Stop: Waar
Unknown Service # 3
Service Name: PSIMSVC
Display Name: Panda IManager Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\program files\panda software\panda titanium antivirus 2004\psimsvc.exe"
State: Running
Process ID: 2036
Started: Waar
Exit Code: 0
Accept Pause: Onwaar
Accept Stop: Waar
Unknown Service #4
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Beheert schaduwkopieën op basis van software, die door de Volume Shadow Copy-service zijn gemaakt. ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{0593c4b8-3389-4a3d-8c8b-3adedf96cfdd}
State: Stopped
Process ID: 0
Started: Onwaar
Exit Code: 1077
Accept Pause: Onwaar
Accept Stop: Onwaar
Unknown Service # 5
Service Name: %AF夶À¨
Display Name: Workstation NetLogon Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Share Process
Path: c:\windows\system32\syspl32.exe /s
State: Stopped
Process ID: 0
Started: Onwaar
Exit Code: 0
Accept Pause: Onwaar
Accept Stop: Onwaar
---> End Service Listing <---
There are 84 Win32 services on this machine.
5 were unrecognized.
Script Execution Time: 0,6875 seconds.

kristof 22 december 2004, 19:39

Logfile of HijackThis v1.99.0
Scan saved at 19:38:46, on 22/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ieox.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\atljd32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis[1]\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.pandora.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.pandora.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {D45F954C-7B53-AE0C-955A-307DD79D8456} - C:\WINDOWS\system32\javayz.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent.exe
O4 - HKLM\..\Run: [20.tmp] C:\DOCUME~1\Frank\LOCALS~1\Temp\20.tmp.exe 0 10001
O4 - HKLM\..\Run: [atljd32.exe] C:\WINDOWS\atljd32.exe
O4 - HKLM\..\RunOnce: [ieox.exe] C:\WINDOWS\ieox.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: VanBredaOnline Security Applet - https://www.vanbredaonline.be/applets/ema.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://www.pussyharem.com/stream/mmp.cab
O16 - DPF: {970BF476-3CF2-4572-9EF9-4479E1591DB8} (VacPro.belgio_ver3) - http://ocx2.advnt01.com/dialer/belgio_ver3.CAB
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN_XP.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\syspl32.exe (file missing)

M@rc 22 december 2004, 19:56

Kristof,
Belangrijk is dat je alles achter elkaar uitvoert zonder onderbreking. Lees het even door, want het wordt een hele klus.
Lukt er iets niet, ga dan naar de volgende stap.
Ga naar Configuratiescherm – Software – Programma’s wijzigen en verwijderen : deïnstalleer New.net Application en NewDotNet (Domains)
Print de rest van de instructies uit.
1. Download dit regfiletje: HSfix.zip.
Unzip het en plaats het op je buroblad, zodat je dit later makkelijk kan terug vinden wanneer je het nodig hebt.
2. Download CWShredder.
Plaatst het bestand ergens waar je het makkelijk kan terug vinden, maar gebruik het nu nog niet.
3. Download About:buster. Unzip het naar c:\aboutbuster en controleer
of er updates beschikbaar. Installeer deze.
Gebruik het programma nog niet.
4. Zorg dat alle verborgen bestanden weergegeven worden.
5. Start de computer in veilige modus.
6. Sluit alle vensters, run HijackThis nog een keer en laat volgende items repareren:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yjkir.dll/sp.html#27130
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {D45F954C-7B53-AE0C-955A-307DD79D8456} - C:\WINDOWS\system32\javayz.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent.exe
O4 - HKLM\..\Run: [20.tmp] C:\DOCUME~1\Frank\LOCALS~1\Temp\20.tmp.exe 0 10001
O4 - HKLM\..\Run: [atljd32.exe] C:\WINDOWS\atljd32.exe
O4 - HKLM\..\RunOnce: [ieox.exe] C:\WINDOWS\ieox.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://www.pussyharem.com/stream/mmp.cab
O16 - DPF: {970BF476-3CF2-4572-9EF9-4479E1591DB8} (VacPro.belgio_ver3) - http://ocx2.advnt01.com/dialer/belgio_ver3.CAB
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN_XP.cab
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\syspl32.exe (file missing)

7. Dubbelklik op HSfix.reg om de wijzigingen aan het register toe te voegen.
8. Verwijder de volgende bestanden:
C:\WINDOWS\system32\yjkir.dll
C:\WINDOWS\system32\javayz.dll
C:\WINDOWS\atljd32.exe
C:\WINDOWS\ieox.exe
C:\WINDOWS\system32\syspl32.exe
En deze mappen:
C:\WINDOWS\mslagent
9. Maak je Temp-map leeg: Start – Uitvoeren tik in: %TEMP%. Selecteer alle bestanden en verwijder ze.
10. Ledig de map met Tijdelijke internetbestanden: Ga naar Configuratiescherm – Internetopties – tabblad Algemeen – klik bij
Tijdelijke internetbestanden op Bestanden Verwijderen.
11. Herstel je webinstellingen: ga naar Configuratiescherm – Internetopties – tabblad Programma’s. Klik op de knop
Webinstellingen herstellen.
12. Start CWShredder en klik op de fix-knop.
13. Start About:buster. Laat het programma 2 keer scannen.
14. Reboot de computer nu in normale modus. Run Hijackthis opnieuw en post een nieuwe log.
Succes.
Marc

kristof 22 december 2004, 20:40

Marc,
Tot hier ben ik nu,
Hoe verder?
7. Dubbelklik op HSfix.reg om de wijzigingen aan het register toe te voegen.
Heb gedaan maar ik vind de bestanden niet.
8. Verwijder de volgende bestanden:
C:\WINDOWS\system32\yjkir.dll
C:\WINDOWS\system32\javayz.dll
C:\WINDOWS\atljd32.exe
C:\WINDOWS\ieox.exe
C:\WINDOWS\system32\syspl32.exe
En deze mappen:
C:\WINDOWS\mslagent
9. Maak je Temp-map leeg: Start – Uitvoeren tik in: %TEMP%. Selecteer alle bestanden en verwijder ze.
10. Ledig de map met Tijdelijke internetbestanden: Ga naar Configuratiescherm – Internetopties – tabblad Algemeen – klik bij
Tijdelijke internetbestanden op Bestanden Verwijderen.
11. Herstel je webinstellingen: ga naar Configuratiescherm – Internetopties – tabblad Programma’s. Klik op de knop
Webinstellingen herstellen.
12. Start CWShredder en klik op de fix-knop.
13. Start About:buster. Laat het programma 2 keer scannen.
14. Reboot de computer nu in normale modus. Run Hijackthis opnieuw en post een nieuwe log.
Succes.
Marc

M@rc 22 december 2004, 20:45

Kristof,
Hopelijk post je dit van een andere computer?
Lukt de regfile niet?
Of kan je de bestanden niet vinden?
Verborgen bestanden en mappen zichtbaar gemaakt? http://users.telenet.be/marcvn/spyware/1117602.htm
Neem de volgende stap als iets niet lukt.

kristof 22 december 2004, 20:50

7. Dubbelklik op HSfix.reg om de wijzigingen aan het register toe te voegen.
Heb ik gedaan maar waar vind ik de bestanden die onder 8 staan?
Werk wel altijd op zelfde computer
Kristof

M@rc 22 december 2004, 20:56

Op de aangegeven locatie. Zoek ze via verkenner.
Lukt het niet, dan sla je deze stap over en ga je verder met 9.
About:buster zal een logje maken (stap 13). Sla dit logje op en post het.

kristof 22 december 2004, 21:21

gfile of HijackThis v1.99.0
Scan saved at 21:19:56, on 22/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\atljd32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ieox.exe
C:\Documents and Settings\Frank\Mijn documenten\Excel7\HijackThis.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.pandora.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.pandora.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {787633EB-8F9E-66A4-0026-A3987933DF9F} - C:\WINDOWS\d3li.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [atljd32.exe] C:\WINDOWS\atljd32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: VanBredaOnline Security Applet - https://www.vanbredaonline.be/applets/ema.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\ieox.exe

M@rc 22 december 2004, 21:25

Niet rebooten Kristof. De infectie is nog aanwezig.
Download ServiceFilter.zip.
Unzip het naar je bureaublad zodat je het makkelijk kan terugvinden.
Dubbelklik op ServiceFilter.vbs.
Sommige antivirusprogramma's kunnen een melding geven. Sta toe om dit script uit te voeren.
Er wordt een tekstbestandje geopend dat POST_THIS.TXT noemt.
Kopieer en plak de inhoud van dat tekstbestandje in je volgende post.

kristof 22 december 2004, 21:39

The script did not recognize the services listed below.
This does not mean that they are a problem.
To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"
########################################
ServiceFilter 1.1
by rand1038
Microsoft Windows XP Professional
Version: 5.1.2600
dec 22, 2004 21:38:05
---> Begin Service Listing <---
Unknown Service # 1
Service Name: PavPrSrv
Display Name: Panda Process Protection Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\program files\common files\panda software\pavshld\pavprsrv.exe"
State: Running
Process ID: 496
Started: Waar
Exit Code: 0
Accept Pause: Onwaar
Accept Stop: Onwaar
Unknown Service # 2
Service Name: PAVSRV
Display Name: Panda anti-virus service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\program files\panda software\panda titanium antivirus 2004\pavsrv51.exe"
State: Running
Process ID: 512
Started: Waar
Exit Code: 0
Accept Pause: Onwaar
Accept Stop: Waar
Unknown Service # 3
Service Name: PSIMSVC
Display Name: Panda IManager Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\program files\panda software\panda titanium antivirus 2004\psimsvc.exe"
State: Running
Process ID: 552
Started: Waar
Exit Code: 0
Accept Pause: Onwaar
Accept Stop: Waar
Unknown Service #4
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Beheert schaduwkopieën op basis van software, die door de Volume Shadow Copy-service zijn gemaakt. ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{0593c4b8-3389-4a3d-8c8b-3adedf96cfdd}
State: Stopped
Process ID: 0
Started: Onwaar
Exit Code: 1077
Accept Pause: Onwaar
Accept Stop: Onwaar
Unknown Service # 5
Service Name: %AF夶À¨
Display Name: Workstation NetLogon Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Share Process
Path: c:\windows\ieox.exe /s
State: Running
Process ID: 1048
Started: Waar
Exit Code: 0
Accept Pause: Onwaar
Accept Stop: Waar
---> End Service Listing <---
There are 84 Win32 services on this machine.
5 were unrecognized.
Script Execution Time: 0,9375 seconds.

kristof 22 december 2004, 21:43

The script did not recognize the services listed below.
This does not mean that they are a problem.
To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"
########################################
ServiceFilter 1.1
by rand1038
Microsoft Windows XP Professional
Version: 5.1.2600
dec 22, 2004 21:38:05
---> Begin Service Listing <---
Unknown Service # 1
Service Name: PavPrSrv
Display Name: Panda Process Protection Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\program files\common files\panda software\pavshld\pavprsrv.exe"
State: Running
Process ID: 496
Started: Waar
Exit Code: 0
Accept Pause: Onwaar
Accept Stop: Onwaar
Unknown Service # 2
Service Name: PAVSRV
Display Name: Panda anti-virus service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\program files\panda software\panda titanium antivirus 2004\pavsrv51.exe"
State: Running
Process ID: 512
Started: Waar
Exit Code: 0
Accept Pause: Onwaar
Accept Stop: Waar
Unknown Service # 3
Service Name: PSIMSVC
Display Name: Panda IManager Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\program files\panda software\panda titanium antivirus 2004\psimsvc.exe"
State: Running
Process ID: 552
Started: Waar
Exit Code: 0
Accept Pause: Onwaar
Accept Stop: Waar
Unknown Service #4
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Beheert schaduwkopieën op basis van software, die door de Volume Shadow Copy-service zijn gemaakt. ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{0593c4b8-3389-4a3d-8c8b-3adedf96cfdd}
State: Stopped
Process ID: 0
Started: Onwaar
Exit Code: 1077
Accept Pause: Onwaar
Accept Stop: Onwaar
Unknown Service # 5
Service Name: %AF夶À¨
Display Name: Workstation NetLogon Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Share Process
Path: c:\windows\ieox.exe /s
State: Running
Process ID: 1048
Started: Waar
Exit Code: 0
Accept Pause: Onwaar
Accept Stop: Waar
---> End Service Listing <---
There are 84 Win32 services on this machine.
5 were unrecognized.
Script Execution Time: 0,9375 seconds.

M@rc 22 december 2004, 21:44

Kristof,
We proberen nog een keer.
Om de bestanden te verwijderen gaan we nu een tooltje gebruiken : killbox.
CWSHredder en About:buster heb je nog.
Kopieer deze fix in een kladblokbestand en plaats deze op je bureaublad.
1. Download Pocket KillBox
Unzip het programma naar je bureaublad.
2. Download dit regfiletje: HSfix.zip.
Unzip het en plaats het op je buroblad, zodat je dit later makkelijk kan terug vinden wanneer je het nodig hebt.
3. Zorg dat alle verborgen bestanden weergegeven worden.
4. Start de computer in veilige modus.
5. Sluit alle vensters, run HijackThis nog een keer en laat volgende items repareren:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {787633EB-8F9E-66A4-0026-A3987933DF9F} - C:\WINDOWS\d3li.dll
O4 - HKLM\..\Run: [atljd32.exe] C:\WINDOWS\atljd32.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\ieox.exe

7. Dubbelklik op HSfix.reg om de wijzigingen aan het register toe te voegen.
8. Klik op Killbox.exe (dat we in stap in gedownload hebben):
In het veld “Full path of file to delete" Kopieer en plak je het volgende:

C:\WINDOWS\atljd32.exe

Klik op de knop met de rode cirkel en het witte kruis.
Sta toe om het bestand te verwijderen.
In het veld “Full path of file to delete" Kopieer en plak je het volgende:

C:\WINDOWS\ieox.exe

Klik op de knop met de rode cirkel en het witte kruis.
Sta toe om het bestand te verwijderen.
9. Maak je Temp-map leeg: Start – Uitvoeren tik in: %TEMP%. Selecteer alle bestanden en verwijder ze.
10. Ledig de map met Tijdelijke internetbestanden: Ga naar Configuratiescherm – Internetopties – tabblad Algemeen – klik bij Tijdelijke internetbestanden op Bestanden Verwijderen.
11. Herstel je webinstellingen: ga naar Configuratiescherm – Internetopties – tabblad Programma’s. Klik op de knop Webinstellingen herstellen.
12. Start CWShredder en klik op de fix-knop.
13. Start About:buster. Laat het programma een tweee keer scannen.
14. Reboot de computer nu in normale modus. Run Hijackthis opnieuw en post een nieuwe log.

Antwoord niet gevonden? Stel hier je vraag: