Vraag & Antwoord

Beveiliging & privacy

log hijack

7 antwoorden
  • help hoe krijg ik internet optimizer weg zie mijn Logfile of HijackThis v1.97.7 Scan saved at 19:31:38, on 19-9-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\ISTsvc\istsvc.exe C:\Program Files\Internet Optimizer\optimize.exe C:\program files\180solutions\msbb.exe C:\WINDOWS\System32\xavsxdch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Hotbar\bin\Hbinst.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Gerard\Bureaublad\Nieuwe map\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.planet.nl/ O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\msopt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\nl\msntb.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\250S Series\lwbwheel.exe O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [msbb] c:\program files\180solutions\msbb.exe O4 - HKLM\..\Run: [xnpiomnhb] C:\WINDOWS\System32\xavsxdch.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [pyp] C:\WINDOWS\pyp.exe O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\Hbinst.exe /Upgrade O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Translate (HKLM) O9 - Extra 'Tools' menuitem: LingoWare Translator... (HKLM) O9 - Extra button: Onderzoek (HKLM) O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {04B6182D-FB75-11D4-90D2-0000B4948C7C} (cre8tiv 3Di ATL Control (Internet)) - http://www.quick-step.com/distribution/cre8tiv3dix.cab O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_cracks.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - http://www.solidworks.com/plugins/edrawings/download.cfm?Release=rel O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.planet.nl/exent/classes/ExentCtl.ocx O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.1_07) - http://brainbox.usor.nl:8011/webapps/collabserver/client-lib/6.0.9.213/j2re-1_3_1-win.exe O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game11.zylomgames.com/activex/zylomloader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab wat moet ik doen
  • Draai Sybot:Search&Destroy en Ad-Aware (kan je wel vinden op www.google.com) en download dan de nieuwe versie van HiJackThis (1.98.2 oid). Volgens mij kan je HotBar via start menui-->ControlPanel-->Software verwijderen. (Daarna moet je nog de over gebleven troep verwijderen) Daarna (indien dit dan nog aanwezig is): Beeindig het volgende proces: [b:889912414d]xavsxdch.exe istsvc.exe [/b:889912414d] Volgende regels laten fixen: [b:889912414d]O4 - HKLM\..\Run: [xnpiomnhb] C:\WINDOWS\System32\xavsxdch.exe O4 - HKLM\..\Run: [pyp] C:\WINDOWS\pyp.exe O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\Hbinst.exe /Upgrade O16 - DPF: {04B6182D-FB75-11D4-90D2-0000B4948C7C} (cre8tiv 3Di ATL Control (Internet)) - http://www.quick-step.com/distribution/cre8tiv3dix.cab O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_cracks.cab C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [msbb] c:\program files\180solutions\msbb.exe [/b:889912414d] Je moet hierna ook nog wat files deleten, maar ik moet weg, iemand anders helpt je wel.
  • Ik kijk wel, je bent meer vergeten als dat je eruit gehaalt hebt. w8 dus nog ff met fixen.
  • [quote:42cf4b0b49="pcguy"]Ik kijk wel, je bent meer vergeten als dat je eruit gehaalt hebt. w8 dus nog ff met fixen.[/quote:42cf4b0b49] Logfile of HijackThis v1.98.2 Scan saved at 20:53:47, on 19-9-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Internet Optimizer\optimize.exe C:\program files\180solutions\msbb.exe C:\WINDOWS\System32\xavsxdch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Hotbar\bin\Hbinst.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\System32\devldr32.exe C:\Documents and Settings\Gerard\Bureaublad\Nieuwe map\HijackThis.exe C:\Program Files\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.planet.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R3 - Default URLSearchHook is missing O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\nl\msntb.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\250S Series\lwbwheel.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [ojvjwto] C:\WINDOWS\System32\xavsxdch.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\LingoCom\Translator.lnk (file missing) O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program Files\LingoCom\Translator.lnk (file missing) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.planet.nl/exent/classes/ExentCtl.ocx O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
  • Kill deze processen: xavsxdch.exe istsvc.exe Verwijder in het configscherm bij software indien mogelijk: hotbar internet optimizer Sluit alle vensters run hijackthis opnieuw en fix deze items: [list:8ad60b17d0][b:8ad60b17d0]O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\msopt.dll O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [msbb] c:\program files\180solutions\msbb.exe [color=red:8ad60b17d0]O4 - HKLM\..\Run: [xnpiomnhb] C:\WINDOWS\System32\xavsxdch.exe O4 - HKLM\..\Run: [pyp] C:\WINDOWS\pyp.exe O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\Hbinst.exe /Upgrade [/color:8ad60b17d0] O9 - Extra button: Related (HKLM) O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ [color=red:8ad60b17d0]O16 - DPF: {04B6182D-FB75-11D4-90D2-0000B4948C7C} (cre8tiv 3Di ATL Control (Internet)) - http://www.quick-step.com/distribution/cre8tiv3dix.cab O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_cracks.cab [/color:8ad60b17d0] O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)[/b:8ad60b17d0][/list:u:8ad60b17d0] Herstart in veilige modus en laat alle files weergeven, verwijder daarna indien aanwezig: [list:8ad60b17d0][b:8ad60b17d0] C:\WINDOWS\nem219.dll <--- dit bestand C:\WINDOWS\twaintec.dll <--- dit bestand C:\WINDOWS\wsem302.dll <--- dit bestand C:\WINDOWS\msopt.dll <--- dit bestand C:\Program Files\ISTsvc\istsvc.exe <--- dit bestand c:\program files\180solutions <--- deze map C:\WINDOWS\System32\xavsxdch.exe <--- dit bestand C:\WINDOWS\pyp.exe <--- dit bestand C:\Program Files\Hotbar <--- deze map C:\WINDOWS\web\related.htm[/b:8ad60b17d0][/list:u:8ad60b17d0] Herstart in normale modus en post een nieuwe log. PS. Rood is niet van toepassing voor de ts, @ turbo: alles wat niet rood is was je vergeten. Edit: niet gezien dat je een nieuwe log gepost had, heb je al iets gedaan of niet? zo nee doe eerst dit maar, zo ja meld je even.
  • [quote:f830232bb4="pcguy"]Kill deze processen: xavsxdch.exe istsvc.exe Verwijder in het configscherm bij software indien mogelijk: hotbar internet optimizer Sluit alle vensters run hijackthis opnieuw en fix deze items: [list:f830232bb4][b:f830232bb4]O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\msopt.dll O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [msbb] c:\program files\180solutions\msbb.exe [color=red:f830232bb4]O4 - HKLM\..\Run: [xnpiomnhb] C:\WINDOWS\System32\xavsxdch.exe O4 - HKLM\..\Run: [pyp] C:\WINDOWS\pyp.exe O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\Hbinst.exe /Upgrade [/color:f830232bb4] O9 - Extra button: Related (HKLM) O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ [color=red:f830232bb4]O16 - DPF: {04B6182D-FB75-11D4-90D2-0000B4948C7C} (cre8tiv 3Di ATL Control (Internet)) - http://www.quick-step.com/distribution/cre8tiv3dix.cab O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_cracks.cab [/color:f830232bb4] O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)[/b:f830232bb4][/list:u:f830232bb4] Herstart in veilige modus en laat alle files weergeven, verwijder daarna indien aanwezig: [list:f830232bb4][b:f830232bb4] C:\WINDOWS\nem219.dll <--- dit bestand C:\WINDOWS\twaintec.dll <--- dit bestand C:\WINDOWS\wsem302.dll <--- dit bestand C:\WINDOWS\msopt.dll <--- dit bestand C:\Program Files\ISTsvc\istsvc.exe <--- dit bestand c:\program files\180solutions <--- deze map C:\WINDOWS\System32\xavsxdch.exe <--- dit bestand C:\WINDOWS\pyp.exe <--- dit bestand C:\Program Files\Hotbar <--- deze map C:\WINDOWS\web\related.htm[/b:f830232bb4][/list:u:f830232bb4] Herstart in normale modus en post een nieuwe log. PS. Rood is niet van toepassing voor de ts, @ turbo: alles wat niet rood is was je vergeten. Edit: niet gezien dat je een nieuwe log gepost had, heb je al iets gedaan of niet? zo nee doe eerst dit maar, zo ja meld je even.[/quote:f830232bb4] c:\program files\180solutions <--- deze map :\Program Files\ISTsvc\istsvc.exe <--- dit bestand C:\Program Files\Hotbar <--- deze map dit kan ik niet verwijdern
  • :evil: Buitengewoon irritant een keer of vier een topic met dezelfde log aan te maken, peacekeeper. Ik kan je verzekeren dat je de lieve vrede niet bewaart op deze manier. [b:9049fcdd04]Ik[/b:9049fcdd04] noteer je naam iig in m'n blackbook en zal je nooit meer helpen.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.