Vraag & Antwoord

Beveiliging & privacy

Help startpagina probleem zie Logfile of HijackThis

12 antwoorden
  • Logfile of HijackThis v1.97.7 Scan saved at 20:24:59, on 13-8-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Norton AntiVirus\SAVScan.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\WINDOWS\System32\devldr32.exe C:\WINDOWS\System32\bca.exe D:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {39AB2571-A753-401F-8C8E-5E69BEC2A622} - C:\WINDOWS\System32\ebpg.dll O2 - BHO: (no name) - {4DDD3F59-C93C-2DB0-8752-115504A67B6E} - C:\WINDOWS\System32\veqcd.dll O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:C:\iehelp.chm::/on-line.exe O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37882.4425115741 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  • Kijk 'm ff na (hoewel de Hijackthis versie ver over de datum is).
  • Excuses, maar ik heb ècht een log met de laatste Hijackthis versie nodig. http://computercops.biz/downloads-file-328.html
  • Voor je de nieuwe hijackthislog post van versie 1.98.2 die Rieske vraagt, deïnstaller je best Twain-tech. (Configuratiescherm - Software - Programma's wijzigen en verwijderen)
  • Logfile of HijackThis v1.98.2 Scan saved at 19:50:10, on 15-8-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Norton AntiVirus\SAVScan.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\E-Color\Common\IconMgr.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe C:\WINDOWS\System32\devldr32.exe D:\hijackthis\Nieuwe map\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {39AB2571-A753-401F-8C8E-5E69BEC2A622} - C:\WINDOWS\System32\ebpg.dll O2 - BHO: (no name) - {4DDD3F59-C93C-2DB0-8752-115504A67B6E} - C:\WINDOWS\System32\veqcd.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:C:\iehelp.chm::/on-line.exe O18 - Filter: text/html - {642604B8-B38C-4EE3-A3F7-CBCFE37B6139} - C:\WINDOWS\System32\ebpg.dll O18 - Filter: text/plain - {642604B8-B38C-4EE3-A3F7-CBCFE37B6139} - C:\WINDOWS\System32\ebpg.dll O21 - SSODL: System - {F34CFDA2-D375-4D97-825E-DA88D8036367} - (no file)
  • move to B&P t.
  • Twaintec al gedeïnstalleerd, zoals Marc vroeg?
  • Ga naar Configuratiescherm - Software - Programma's wijzigen en verwijderen. Deïnstalleer Twain Tech Sla HijackThis op in een eigen map. Niet op je bureaublad of in je Temp-files. HijackThis maakt namelijk backups in de map waar het opgestart wordt. Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:c4323dab8d] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll O2 - BHO: (no name) - {39AB2571-A753-401F-8C8E-5E69BEC2A622} - C:\WINDOWS\System32\ebpg.dll O2 - BHO: (no name) - {4DDD3F59-C93C-2DB0-8752-115504A67B6E} - C:\WINDOWS\System32\veqcd.dll O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file) O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) [/b:c4323dab8d] Download [url=http://users.pandora.be/marcvn/tools/appinit.zip]Appinit.bat[/url]. Unzip het naar je buroblad. Klik op appinit.bat. Er verschijnt heel kort een 'dos-box' en er wordt een bestand windows.txt aangemaakt. Kopieer en plak de inhoud van dit bestand samen met een nieuwe hijackthislog in je volgende bericht. groeten,
  • ...woorden uit de mond. Zie een Gardena voorbijrazen... Deze nog niet verwijderen? [code:1:1d4b6cb85a]O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:C:\iehelp.chm::/on-line.exe O18 - Filter: text/html - {642604B8-B38C-4EE3-A3F7-CBCFE37B6139} - C:\WINDOWS\System32\ebpg.dll O18 - Filter: text/plain - {642604B8-B38C-4EE3-A3F7-CBCFE37B6139} - C:\WINDOWS\System32\ebpg.dll O21 - SSODL: System - {F34CFDA2-D375-4D97-825E-DA88D8036367} - (no file)[/code:1:1d4b6cb85a]
  • Bedankt voor jullie hulp het werkt weer goed. :lol: groet hk
  • Post ff een nieuwe log nog.
  • [quote:abdb3a7d47="=Rieske="] Deze nog niet verwijderen? [code:1:abdb3a7d47]O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:C:\iehelp.chm::/on-line.exe O18 - Filter: text/html - {642604B8-B38C-4EE3-A3F7-CBCFE37B6139} - C:\WINDOWS\System32\ebpg.dll O18 - Filter: text/plain - {642604B8-B38C-4EE3-A3F7-CBCFE37B6139} - C:\WINDOWS\System32\ebpg.dll O21 - SSODL: System - {F34CFDA2-D375-4D97-825E-DA88D8036367} - (no file)[/code:1:abdb3a7d47][/quote:abdb3a7d47] Heb er even op verder gezocht, ik had ze laten staan omdat ik er niet zeker van was, maar ze moeten eruit. CLSID zijn random. (is typisch) Ben wel benieuwd of hijackthis ze kan fixen... Post ook het resultaat van appinit.bat als je wil.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.