Vraag & Antwoord

Beveiliging & privacy

Hijack log

10 antwoorden
  • Hallo We hebben nogal last van vervelende popups ed. Kan iemand mij vertellen wat ik kan verwijderen uit deze hijack log? Logfile of HijackThis v1.97.7 Scan saved at 19:52:04, on 26-4-2004 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSVC32\WINSVC32.EXE C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE C:\DOWNLOAD\DANIEL\CARNIVORES ICE AGE\CARNIVORES2-DM.EXE C:\DOWNLOAD\DANIEL\ROBOT ARENA\ROBOTARENA-DM.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\WINTSVSU.EXE C:\WINDOWS\RUNDLL32.EXE C:\CS4P028.EXE C:\WINDOWS\DESKTOP\GARTA\HIJACKTHIS.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?si-001 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?si-001 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?si-001 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?si-001 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL (disabled by BHODemon) O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file) O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\PROGRAM FILES\DASHBAR\DASHBAR15.DLL (file missing) O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui O4 - HKLM\..\Run: [Casema Migratie] C:\WINDOWS\DESKTOP\DIVERSENEDWIN\DHCPSWITCH.EXE O4 - HKLM\..\RunServices: [WinSvc32.exe] C:\WINDOWS\SYSTEM\msvc32\WinSvc32.exe O4 - HKLM\..\RunServices: [WinSvc16.exe] C:\WINDOWS\SYSTEM\winsvc32\WinSvc16.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [User Stylesheet] C:\WINDOWS\system\s97e40o7i.gx7 O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\SYSTEM\wintsvsu.exe O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msmc.exe O4 - HKLM\..\RunOnce: [WMC_0] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\mswmdm.dll" O4 - HKLM\..\RunOnce: [WMC_1] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\msscp.dll" O4 - HKLM\..\RunOnce: [WMC_2] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\mspmsp.dll" O4 - HKLM\..\RunOnce: [WMC_3] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmdmps.dll" O4 - HKLM\..\RunOnce: [WMC_4] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmdmlog.dll" O4 - HKLM\..\RunOnce: [WMC_5] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\CEWMDM.dll" O4 - HKLM\..\RunOnce: [WMC_6] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmp.dll" O4 - HKLM\..\RunOnce: [WMC_7] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmpshell.dll" O4 - HKLM\..\RunOnce: [WMC_8] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmpdxm.dll" O4 - HKLM\..\RunOnce: [WMC_9] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\WINDOWS\SYSTEM\wmpasf.dll" O4 - HKLM\..\RunOnce: [WMC_10] C:\WINDOWS\SYSTEM\regsvr32.exe /s "C:\Program Files\Windows Media Player\mpvis.dll" O4 - HKLM\..\RunOnce: [WMC_11] C:\WINDOWS\INF\unregmp2.exe /Shortcuts /RegExts O4 - HKLM\..\RunOnce: [ACMWrapperV2.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\ACMWrapperV2.dll" O4 - HKLM\..\RunOnce: [MediaPlayerV2.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\MediaPlayerV2.dll" O4 - HKLM\..\RunOnce: [driversV2.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\driversV2.dll" O4 - HKLM\..\RunOnce: [Cdbootable.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Cdbootable.dll" O4 - HKLM\..\RunOnce: [cdDataPS.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdDataPS.dll" O4 - HKLM\..\RunOnce: [cdExtra.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdExtra.dll" O4 - HKLM\..\RunOnce: [cdmp3.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdmp3.dll" O4 - HKLM\..\RunOnce: [database.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\database.dll" O4 - HKLM\..\RunOnce: [ISO9660.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\ISO9660.dll" O4 - HKLM\..\RunOnce: [Joliet.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Joliet.dll" O4 - HKLM\..\RunOnce: [Udf.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Udf.dll" O4 - HKLM\..\RunOnce: [creator.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\creator.dll" O4 - HKLM\..\RunOnce: [Translator.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Translator.dll" O4 - HKLM\..\RunOnce: [CDEngine.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\CDEngine.dll" O4 - Global Startup: WinSvc32.exe O4 - Global User Startup: WinSvc32.exe O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38053.5002777778 O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = zoldercomputers O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.1 gr evelyn
  • Download [url=http://www.spywareinfo.com/~merijn/files/CWShredder.exe]CWShredder[/url]. Start het programma, klik op de Fix-knop. Rebooten wanneer CWShredder klaar is. edit: nadien nog even scannen met Ad-Aware. Instructies vind je in de spyware-faq. Run HijackThis nog een keer en post een nieuwe log.
  • Hoi hhoi Ik heb gedaan wat je scheef. Eerst cwschredder, opnieuw gestart en toen nog ad-aware eroverheen gehaald. Dit is het nieuwe hijack log gr Evelyn Logfile of HijackThis v1.97.7 Scan saved at 20:36:33, on 26-4-2004 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSVC32\WINSVC32.EXE C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE C:\WINDOWS\EXPLORER.EXE C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\WINTSVSU.EXE C:\WINDOWS\RUNDLL32.EXE C:\WINDOWS\DESKTOP\DIVERSENEDWIN\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL (disabled by BHODemon) O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file) O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\PROGRAM FILES\DASHBAR\DASHBAR15.DLL (file missing) O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui O4 - HKLM\..\RunServices: [WinSvc32.exe] C:\WINDOWS\SYSTEM\msvc32\WinSvc32.exe O4 - HKLM\..\RunServices: [WinSvc16.exe] C:\WINDOWS\SYSTEM\winsvc32\WinSvc16.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [User Stylesheet] C:\WINDOWS\system\s97e40o7i.gx7 O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\SYSTEM\wintsvsu.exe O4 - Global Startup: WinSvc32.exe O4 - Global User Startup: WinSvc32.exe O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38053.5002777778 O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = zoldercomputers O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.1
  • Hoi evelyn, Ga naar je taakmanager en beeindig het volgende proces: WINTSVSU.EXE Sluit nu alle vensters en open Hijackthis, verwijder alleen de volgende sleutels: R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file) O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file) O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\PROGRAM FILES\DASHBAR\DASHBAR15.DLL (file missing) O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\SYSTEM\wintsvsu.exe Start daarna in veilige modus en met alle bestanden weergeven aan op en verwijder: C:\WINDOWS\SYSTEM\WINTSVSU.EXE <= Dit bestand Maak daarna een nieuw Hijacklog en post die in je volgende bericht.
  • Ok Hier is weer het nieuwe log van Hijack Gr Evelyn Logfile of HijackThis v1.97.7 Scan saved at 21:36:41, on 26-4-2004 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\DESKTOP\DIVERSENEDWIN\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hkcu R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.nl/ R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL (disabled by BHODemon) O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\Lycos\IEagent\Loader.exe O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE O4 - HKLM\..\RunServices: [WinSvc32.exe] C:\WINDOWS\SYSTEM\msvc32\WinSvc32.exe O4 - HKLM\..\RunServices: [WinSvc16.exe] C:\WINDOWS\SYSTEM\winsvc32\WinSvc16.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [User Stylesheet] C:\WINDOWS\system\s97e40o7i.gx7 O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msmc.exe O4 - Global Startup: WinSvc32.exe O4 - Global User Startup: WinSvc32.exe O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38053.5002777778 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = zoldercomputers O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.1
  • Evelyn, Download [url=http://www.spywareinfo.com/~merijn/files/CWShredder.exe]CWShredder[/url]. Start het programma, klik op de Fix-knop. Niet rebooten. Sla HijackThis op in een eigen map. Niet op je bureaublad of in je Temp-files. HijackThis maakt namelijk backups in de map waar het opgestart wordt. Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:0e219b6079] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hkcu R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkl R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file) O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll O4 - HKLM\..\Run: [ClrSchLoader] \Progra~1\Lycos\IEagent\Loader.exe O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE O4 - HKLM\..\RunServices: [WinSvc32.exe] C:\WINDOWS\SYSTEM\msvc32\WinSvc32.exe O4 - HKLM\..\RunServices: [WinSvc16.exe] C:\WINDOWS\SYSTEM\winsvc32\WinSvc16.exe O4 - HKCU\..\Run: [User Stylesheet] C:\WINDOWS\system\s97e40o7i.gx7 O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msmc.exe O4 - Global Startup: WinSvc32.exe O4 - Global User Startup: WinSvc32.exe [/b:0e219b6079] Als je dit gedaan hebt [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406]start je de computer op in veilige modus[/url]. Zorg dat alle [url=http://www.xtra.co.nz/help/0,,4155-1916458,00.html]verborgen bestanden weergegeven worden[/url], en verwijder de volgende bestanden of mappen indien aanwezig: c:\Progra~1\Lycos <---deze map C:\PROGRAM FILES\TV MEDIA <---deze map C:\WINDOWS\SYSTEM\msvc32\WinSvc32.exe <---dit bestand C:\WINDOWS\SYSTEM\winsvc32\WinSvc16.exe <---dit bestand C:\WINDOWS\system\s97e40o7i.gx7 <---dit bestand C:\WINDOWS\SYSTEM\msmc.exe <---dit bestand Reboot, run hijackThis opnieuw en post een nieuwe log. groeten Marc
  • Oke
  • Hier is dat laatste log. Ik ga nu ff slapen en zonodig morgen weer verder. Alvast bedanktt Logfile of HijackThis v1.97.7 Scan saved at 22:38:11, on 26-4-2004 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\MSVC32\WINSVC32.EXE C:\WINDOWS\RUNDLL32.EXE C:\WINDOWS\DESKTOP\DIVERSENEDWIN\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.nl/ R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL (disabled by BHODemon) O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE O4 - HKLM\..\RunServices: [WinSvc32.exe] C:\WINDOWS\SYSTEM\msvc32\WinSvc32.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - Global Startup: WinSvc32.exe O4 - Global User Startup: WinSvc32.exe O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38053.5002777778 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = zoldercomputers O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.1
  • Dit proces moet je eerst beëindigen: C:\WINDOWS\SYSTEM\MSVC32\WINSVC32.EXE Deze moet je laten repareren door HijackThis: [b:7c3b11b7b5]R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file) O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL O4 - HKLM\..\RunServices: [WinSvc32.exe] C:\WINDOWS\SYSTEM\msvc32\WinSvc32.exe O4 - Global Startup: WinSvc32.exe O4 - Global User Startup: WinSvc32.exe [/b:7c3b11b7b5] Rebooten in veilige modus (tijdens opstarten op F8 drukken) en verwijder C:\WINDOWS\SYSTEM\msvc32 <---deze map Zolang het bestand WinSvc32.exe niet van je pc weg is gaat je probleem niet opgelost zijn. Zorg dat je het verwijdert. info: http://securityresponse.symantec.com/avcenter/venc/data/trojan.grepage.html
  • Bedankt ik ga mijn best weer doen om het weg te krijgen. Vg Evelyn

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.