Vraag & Antwoord

Beveiliging & privacy

1e poging HJK log

8 antwoorden
  • PC zoonlief opgeschoond HOOP IK :wink: hier is 1e log Logfile of HijackThis v1.98.2 Scan saved at 19:42:07, on 1-9-2004 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 (5.00.2920.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\WINNT\System32\svchost.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\scagent.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.exe C:\WINNT\loadqm.exe C:\PROGRA~1\MyWay\bar\2.bin\mwsoemon.exe C:\Program Files\QuickTime\qttask.exe c:\progra~1\intern~1\iexplore.exe C:\WINNT\System32\P2P Networking\P2P Networking.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\NetPumper\NetPumperIEProxy.exe C:\WINNT\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINNT\System32\internat.exe C:\Program Files\MSN Messenger\msnmsgr.exe D:\Program Files\Warez P2P Client\warez.exe C:\Program Files\Logitech\Video\ManifestEngine.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Internet Explorer\iexplore.exe C:\hijackthis\HijackThis.exe C:\WINNT\system32\regsvr32.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dreskwnizsjakeyjxajbgfve.com/uKwdqYGMB44kWTkL5DZMEdhOuF1VBmTePKb1carQ/tg.cgi R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nafhxxhkpfms.com/uKwdqYGMB45PT_YhxqHV1256pLvAJakf_FNeqBaYp1zKw9dPXRV0Z9vpzNggz1yd.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: HyperSearchHook - {4015B42C-1A15-40C8-B4C4-56B08D2CE043} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\2.bin\MWSSRCAS.DLL O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\2.bin\MWSBAR.DLL O2 - BHO: (no name) - {17AB685C-9630-5EC8-D324-17550AA07848} - C:\WINNT\System32\buxt.dll O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - C:\Program Files\Common Files\Hyperbar\Hyperbar.dll O2 - BHO: (no name) - {6A108780-A47D-4062-B4B6-036A120C058A} - C:\WINNT\System32\nmabhgc.dll (file missing) O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\System32\mscb.dll O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll O2 - BHO: IEHelper - {ff4009b5-25f7-41b7-aa97-3f0f7a6e903f} - C:\WINNT\System32\Q94648186.dll O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\2.bin\MWSBAR.DLL O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: win32 - {C94158E1-6151-4442-ABE6-FD53D6534EFB} - C:\WINNT\Downloaded Program Files\win32.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\2.bin\mwsoemon.exe O4 - HKLM\..\Run: [SHIM MIX] C:\PROGRA~1\IDLEGREY\dart tick.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Dimension] C:\Program Files\Dimension\Dimension.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [binqpzmees] C:\WINNT\System32\qhlxst.exe O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load O4 - HKLM\..\Run: [nstat] C:\WINNT\netstat.exe O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\2.bin\mwsoemon.exe O4 - HKCU\..\Run: [warez] "D:\Program Files\Warez P2P Client\warez.exe" -h O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWay\bar\2.bin\MWSOEMON.EXE O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWay\bar\2.bin\MWSOEMON.EXE O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O14 - IERESET.INF: START_PAGE_URL=http://www.msn.nl O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.nl O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchmiracle.com O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://www.advnt01.com/dialer/olanda_ver3.CAB O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/chm/mainsp.chm::/on-line.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/nl/2/060187nl.exe O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games4.cab O16 - DPF: {C94158E1-6151-4442-ABE6-FD53D6534EFB} (win32) - http://searchfind.info/bar/win32.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4336/mcfscan.cab O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.98.176.62/EPlugin_NL.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{7A95D8AE-2EB6-4C20-9207-60D809E32755}: NameServer = 192.168.1.1 O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINNT\digfilt.dll
  • Niet schoon, kijk er straks naar.
  • Deïnstalleer de volgende programma's: P2P Network MyWay Speed Bar Messsengerplus Run deze uninstallers: http://lop.com/new_uninstall.exe http://lop.com/toolbar_uninstall.exe Reboot de computer. Scan met een geupdate Ad-ware: http://users.pandora.be/marcvn/spyware/1414188.ht Doe een online-scan: http://housecall.trendmicro.com/housecall/start_corp.asp Reboot, run HijackThis en post een nieuwe log. Er is nog wat werk te doen... Wil je Messengerplus blijven gebruiken, installeer het dan zonder sponsors.
  • Thnx ga er van de week mee verder, moet ook nog een huishouden runnen :lol:
  • EEA geprobeerd, online scannen gaat niet. Interne fout van IE sluit de vensters Is een Format c: een optie?? Symantic blijft ook kankeren dat ie een aantal virussen niet kan deleten of in quarantaine kan zetten :-? hier 2e log Logfile of HijackThis v1.98.2 Scan saved at 22:33:12, on 1-9-2004 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 (5.00.2920.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\WINNT\System32\svchost.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\scagent.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.exe C:\WINNT\loadqm.exe C:\PROGRA~1\MyWay\bar\2.bin\mwsoemon.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\NetPumper\NetPumperIEProxy.exe C:\WINNT\System32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINNT\System32\internat.exe D:\Program Files\Warez P2P Client\warez.exe C:\Program Files\Logitech\Video\ManifestEngine.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com/check/5.asp R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: HyperSearchHook - {4015B42C-1A15-40C8-B4C4-56B08D2CE043} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\2.bin\MWSSRCAS.DLL O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\2.bin\MWSBAR.DLL O2 - BHO: (no name) - {17AB685C-9630-5EC8-D324-17550AA07848} - C:\WINNT\System32\buxt.dll O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - C:\Program Files\Common Files\Hyperbar\Hyperbar.dll O2 - BHO: (no name) - {6A108780-A47D-4062-B4B6-036A120C058A} - C:\WINNT\System32\nmabhgc.dll (file missing) O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\System32\mscb.dll O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll O2 - BHO: IEHelper - {ff4009b5-25f7-41b7-aa97-3f0f7a6e903f} - C:\WINNT\System32\Q94648186.dll O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\2.bin\MWSBAR.DLL O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: win32 - {C94158E1-6151-4442-ABE6-FD53D6534EFB} - C:\WINNT\Downloaded Program Files\win32.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\2.bin\mwsoemon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Dimension] C:\Program Files\Dimension\Dimension.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [binqpzmees] C:\WINNT\System32\qhlxst.exe O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load O4 - HKLM\..\Run: [nstat] C:\WINNT\netstat.exe O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\2.bin\mwsoemon.exe O4 - HKCU\..\Run: [warez] "D:\Program Files\Warez P2P Client\warez.exe" -h O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWay\bar\2.bin\MWSOEMON.EXE O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWay\bar\2.bin\MWSOEMON.EXE O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm148 O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O14 - IERESET.INF: START_PAGE_URL=http://www.msn.nl O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.nl O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchmiracle.com O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://www.advnt01.com/dialer/olanda_ver3.CAB O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/chm/mainsp.chm::/on-line.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/nl/2/060187nl.exe O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games4.cab O16 - DPF: {C94158E1-6151-4442-ABE6-FD53D6534EFB} (win32) - http://searchfind.info/bar/win32.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4336/mcfscan.cab O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.98.176.62/EPlugin_NL.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{7A95D8AE-2EB6-4C20-9207-60D809E32755}: NameServer = 192.168.1.1 O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINNT\digfilt.dll
  • Kijk er ff naar. Overigens mag Netpumper ook verwijderd en is Windows Update bijzonder aan te bevelen. IE versie is zowat antiek. Deïnstalleer Messenger Plus incl sponsorpakket, zoals M@rc al aangaf.
  • Formatteren? Nog niet nodig. Ad-aware niet geprobeerd...???? Hier gaan we. Hopelijk werkt de printer? Print uit en blijf even van het net. Druk op CTRL+ALT+DEL om Windows Taakbeheer te openen. Ga naar het tabblad processen en beëindig de volgende processen: mwsoemon.exe warez.exe Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:98fd04ab55] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com/check/5.asp R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com R3 - URLSearchHook: HyperSearchHook - {4015B42C-1A15-40C8-B4C4-56B08D2CE043} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\2.bin\MWSSRCAS.DLL O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\2.bin\MWSBAR.DLL O2 - BHO: (no name) - {17AB685C-9630-5EC8-D324-17550AA07848} - C:\WINNT\System32\buxt.dll O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - C:\Program Files\Common Files\Hyperbar\Hyperbar.dll O2 - BHO: (no name) - {6A108780-A47D-4062-B4B6-036A120C058A} - C:\WINNT\System32\nmabhgc.dll (file missing) O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\System32\nvms.dll O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\System32\mscb.dll O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\System32\msbe.dll O2 - BHO: IEHelper - {ff4009b5-25f7-41b7-aa97-3f0f7a6e903f} - C:\WINNT\System32\Q94648186.dll O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\2.bin\MWSBAR.DLL O3 - Toolbar: win32 - {C94158E1-6151-4442-ABE6-FD53D6534EFB} - C:\WINNT\Downloaded Program Files\win32.dll O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\2.bin\mwsoemon.exe O4 - HKLM\..\Run: [binqpzmees] C:\WINNT\System32\qhlxst.exe O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load O4 - HKLM\..\Run: [nstat] C:\WINNT\netstat.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\2.bin\mwsoemon.exe O4 - HKCU\..\Run: [warez] "D:\Program Files\Warez P2P Client\warez.exe" -h O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm148 O14 - IERESET.INF: START_PAGE_URL=http://www.msn.nl O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.nl O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchmiracle.com O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://www.advnt01.com/dialer/olanda_ver3.CAB O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/chm/mainsp.chm::/on-line.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/nl/2/060187nl.exe O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games4.cab O16 - DPF: {C94158E1-6151-4442-ABE6-FD53D6534EFB} (win32) - http://searchfind.info/bar/win32.cab O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.98.176.62/EPlugin_NL.cab O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINNT\digfilt.dll [/b:98fd04ab55] Als je dit gedaan hebt [url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406]start je de computer op in veilige modus[/url]. Zorg dat alle [url=http://users.pandora.be/marcvn/spyware/1117602.htm]verborgen bestanden weergegeven worden[/url], en verwijder de volgende bestanden of mappen indien aanwezig: C:\WINNT\System32\qhlxst.exe <--dit bestand C:\WINNT\netstat.exe <--dit bestand C:\Program Files\Date Manager <--deze map C:\Program Files\Common Files\GMT <--deze map C:\WINNT\digfilt.dll <--dit bestand C:\PROGRA~1\MyWay <--deze map C:\Program Files\Common Files\Hyperbar <--deze map Reboot de computer, run HijackThis opnieuw en post een nieuwe log. edit: sorry Rieske :-?
  • Is ok, M@rc.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.