Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Weer een log

None
22 antwoorden
  • PcGuy of Rieske zullen het inmiddels wel doorhebben maar ik ben regelmatig bezig om mensen te helpen met hun pc.

    Zo ook weer deze pc die gewoonweg niets meer doet wat wij willen.

    Graag jullie input (het is echt een zooi)
    [code:1:d0b84b4f57]
    Logfile of HijackThis v1.98.2
    Scan saved at 0:14:43, on 23-9-04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    D:\PROGRAM FILES\ROXIO\GOBACK\GBPOLL.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
    D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
    C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\DITASK.EXE
    C:\PROGRAM FILES\EICON TECHNOLOGY\DIVA MANAGEMENT SYSTEM\WATCH.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTTRAYAPP.EXE
    C:\WINDOWS\EROTRACKS.EXE
    C:\WINDOWS\SYSTEM\HPOOPM07.EXE
    C:\WINDOWS\SYSTEM\GSICON.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    E:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\TWINK64.EXE
    C:\WINDOWS\ADULT_PLAYUT.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\SYMANTEC\NORTON COMMANDER\NC_SCHED.EXE
    C:\PROGRAM FILES\CLOCKSYNC\SYNC.EXE
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\MSLAGENT\MSLAGENT.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\DIINFO.EXE
    D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
    D:\PROGRAM FILES\ROXIO\GOBACK\GBTRAY.EXE
    D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\SYSDOC32.EXE
    D:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPODEV07.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOEVM07.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOSTS07.EXE
    D:\MIJN DOCUMENTEBREASTCOLLARN\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jbzdynmzsgcadfligkieho.org/tLjBtE/T_ljvse5iGPLyICyCXYTe6QjssFiG86jxeVM.jsp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?np-hklm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gxjkzhrtuiaku.uk/tLjBtE/T_lhCgyfked30ON8MFJz/VdcR/MBXdqB6JkyVmnXfuajObKn244FBsNU0.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\LBBHO.DLL
    O2 - BHO: Related Page - {B77143D5-552C-42AF-A5E6-8183FC72B9FE} - C:\WINDOWS\SYSTEM\WINNB42.DLL
    O2 - BHO: (no name) - {6D943E2C-EF6E-59E4-D1FE-DE51A86483D5} - C:\PROGRAM FILES\DELETEPILE\BROWSE JOY.EXE
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\WINDOWS\TEMP\msntb.dll
    O3 - Toolbar: Related Page - {B77143D4-552C-42AF-A5E6-8183FC72B9FE} - C:\WINDOWS\SYSTEM\WINNB42.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [DiTask] "C:\WINDOWS\ditask.exe"
    O4 - HKLM\..\Run: [EICONCARD_DAEMON] "C:\Program Files\Eicon Technology\DIVA Management System\WATCH.EXE"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [GhostStartTrayApp] D:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [NPROTECT] D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [QD FastAndSafe] D:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
    O4 - HKLM\..\Run: [Erotracks] C:\WINDOWS\Erotracks.exe /quiet
    O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\Run: [Atom stop] C:\PROGRA~1\GRIDTO~1\idlecreative.exe
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Plus program bias spam] C:\WINDOWS\Application Data\Globalaceplusprogram\The Cash.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile
    O4 - HKLM\..\Run: [ADULT_PLAYUT] C:\WINDOWS\ADULT_PLAYUT.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] D:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    O4 - HKLM\..\RunServices: [NPROTECT] D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKLM\..\RunServices: [GoBack Polling Service] D:\Program Files\Roxio\GoBack\GBPoll.exe
    O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security\NISUM.EXE
    O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
    O4 - HKLM\..\RunServices: [GhostStartService] D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
    O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [NC Scheduler] C:\PROGRAM FILES\SYMANTEC\NORTON COMMANDER\NC_SCHED.EXE /Hide
    O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
    O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe
    O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1020.dll,InstantAccess
    O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\MSLAGENT.EXE
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = D:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
    O4 - Startup: GoBack.lnk = D:\Program Files\Roxio\GoBack\GBTray.exe
    O4 - Startup: Norton System Doctor.lnk = D:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
    O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
    O4 - Startup: iMesh.lnk = C:\Program Files\iMesh\Client\UNWISE.EXE
    O4 - Startup: FlashTalk.lnk = C:\Program Files\Norton Internet Security\IAMSTATS.EXE
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O12 - Plugin for .mid: C:\PROGRA~1\Intern~1\PLUGINS
    pqtplugin.dll
    O12 - Plugin for .wav: C:\PROGRA~1\Intern~1\PLUGINS
    pqtplugin.dll
    O12 - Plugin for .BMP: C:\PROGRA~1\INTERN~1\PLUGINS
    pqtplugin.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS
    pqtplugin.dll
    O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://members.aol.com/mo92674/cam.cab
    O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://paradise.s-x.nl/exe/paradise/adultonlynl.exe
    O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://dialer.midhold.nl/31/erotracks/erotracks_plugin.exe
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F} (AuroraCtrl Class) - http://www.icebergradio.com/aurora/1.0.2.259/client.cab
    O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http:/
    d1.surfernetwork.com/surferplugin.ocx
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/nl/5/060190nl.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar.com/cabs/875457.cab
    O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
    O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:
    osuch.mht!http://213.159.117.131/dl/dmitriy/x.chm::/load.exe
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://www.008i.com//x//f//96676/msits.exe
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1020_EN.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
    O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.mtreexxx.nl/mt/dialers/fc/UniDist.CAB
    O21 - SSODL: System - {CE614E21-4FFE-4E84-98BB-1628017F6129} - C:\WINDOWS\system32\system32.dll

    [/code:1:d0b84b4f57]
  • Je hebt gelijk het is een echte zooi!
    Misschien is het handig als jij een en ander doet zodat een lijst wat korter wordt.
    1- Verwijder MSN Plus. Je kan het later opnieuw instaleren maar..adviseer mensen om tijdens installatie toch 1 en ander te lezen. Bijv. bij MSN Plus om te kiezen voor een installatie ZONDER sponsors.
    2- Download : CWShredder, AdAware, Spybot, Spywareguard en SpywareBlaster. Poets de PC op met CWShredder, vervolgens instaleer overige 4 programma’s, [u:9308c78a37]update deze en laat Spybot en AdAware de “rommel” weghalen.[/u:9308c78a37]3- Als je dat hebt gedaan, plaats dan een nieuwe Hijack Log, dan ziet het anders uit.
  • na het verwijderen van imesh/client/unwise.exe

    start outlook niet meer?
  • [code:1:947c01bb14]
    Logfile of HijackThis v1.98.2
    Scan saved at 14:29:40, on 23-9-04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    D:\PROGRAM FILES\ROXIO\GOBACK\GBPOLL.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
    D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\DITASK.EXE
    C:\PROGRAM FILES\EICON TECHNOLOGY\DIVA MANAGEMENT SYSTEM\WATCH.EXE
    C:\WINDOWS\LOADQM.EXE
    D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTTRAYAPP.EXE
    C:\WINDOWS\SYSTEM\HPOOPM07.EXE
    C:\WINDOWS\SYSTEM\GSICON.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    E:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\TWINK64.EXE
    C:\PROGRAM FILES\SYMANTEC\NORTON COMMANDER\NC_SCHED.EXE
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\DIINFO.EXE
    D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
    D:\PROGRAM FILES\ROXIO\GOBACK\GBTRAY.EXE
    D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\SYSDOC32.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPODEV07.EXE
    D:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOEVM07.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOSTS07.EXE
    C:\WINDOWS\EXPLORER.EXE
    D:\MIJN DOCUMENTEBREASTCOLLARN\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.searchwords.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Related Page - {B77143D5-552C-42AF-A5E6-8183FC72B9FE} - C:\WINDOWS\SYSTEM\WINNB42.DLL (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\WINDOWS\TEMP\msntb.dll
    O3 - Toolbar: Related Page - {B77143D4-552C-42AF-A5E6-8183FC72B9FE} - C:\WINDOWS\SYSTEM\WINNB42.DLL (file missing)
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [DiTask] "C:\WINDOWS\ditask.exe"
    O4 - HKLM\..\Run: [EICONCARD_DAEMON] "C:\Program Files\Eicon Technology\DIVA Management System\WATCH.EXE"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [GhostStartTrayApp] D:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [NPROTECT] D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [QD FastAndSafe] D:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
    O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] D:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    O4 - HKLM\..\RunServices: [NPROTECT] D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKLM\..\RunServices: [GoBack Polling Service] D:\Program Files\Roxio\GoBack\GBPoll.exe
    O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security\NISUM.EXE
    O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
    O4 - HKLM\..\RunServices: [GhostStartService] D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
    O4 - HKCU\..\Run: [NC Scheduler] C:\PROGRAM FILES\SYMANTEC\NORTON COMMANDER\NC_SCHED.EXE /Hide
    O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe
    O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1020.dll,InstantAccess
    O4 - Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = D:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
    O4 - Startup: GoBack.lnk = D:\Program Files\Roxio\GoBack\GBTray.exe
    O4 - Startup: Norton System Doctor.lnk = D:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
    O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
    O4 - Startup: iMesh.lnk = C:\Program Files\iMesh\Client\UNWISE.EXE
    O4 - Startup: FlashTalk.lnk = C:\Program Files\Norton Internet Security\IAMSTATS.EXE
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O12 - Plugin for .mid: C:\PROGRA~1\Intern~1\PLUGINS
    pqtplugin.dll
    O12 - Plugin for .wav: C:\PROGRA~1\Intern~1\PLUGINS
    pqtplugin.dll
    O12 - Plugin for .BMP: C:\PROGRA~1\INTERN~1\PLUGINS
    pqtplugin.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS
    pqtplugin.dll
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F} (AuroraCtrl Class) - http://www.icebergradio.com/aurora/1.0.2.259/client.cab
    O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http:/
    d1.surfernetwork.com/surferplugin.ocx
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/nl/5/060190nl.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar.com/cabs/875457.cab
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1020_EN.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab


    [/code:1:947c01bb14]
  • ben bezig
  • gelukkig,

    Ik zie er zelf ook een aantal maar als ik die weghaal dan start outlook niet meer

    hij geeft dan aan dat outlook geen toegang heeft tot outlook.pst

    dus maar GO-back gebruikt :oops:
  • Het is hier blijkbaar al norton-symantectoestanden wat de klok slaat op deze pc… die moet serieus aan het geheugen vreten.. maar soit.. doe eerst even een online antivirusscan die verschillend is met degene van symantec: Kijk eens op volgende link.
    http://www.lobika.be/Virus/onlinescanners.htm

    Persoonlijk raad ik bitdefender en housecall aan. ;-)
    Post daarna een nieuw logje.
  • dat norton regel ik later wel..

    virusscanners gaven niets aan. SpybotSD en add-aware hebben al meer dan 300 dingen gevonden en gefixt, die geven nu niets meer aan.

    alleen dat imesh kan ik nergens vinden…

    ik zie ook wel de erotracks en zo maar hoe krijg ik dat echt weg
  • Deinstaleer eerst imesh in software in configscherm,

    In taakbeheer kill je deze processen indien draaiend:
    [list:c0879ab299][b:c0879ab299]twink64.exe
    P2P NETWORKING.EXE[/b:c0879ab299][/list:u:c0879ab299]

    Sluit alle vensters en run hijackthis opnieuw, fix deze:

    [list:c0879ab299][b:c0879ab299]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.searchwords.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: Related Page - {B77143D5-552C-42AF-A5E6-8183FC72B9FE} - C:\WINDOWS\SYSTEM\WINNB42.DLL (file missing)
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\WINDOWS\TEMP\msntb.dll
    O3 - Toolbar: Related Page - {B77143D4-552C-42AF-A5E6-8183FC72B9FE} - C:\WINDOWS\SYSTEM\WINNB42.DLL (file missing)
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1020.dll,InstantAccess
    O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/nl/5/060190nl.exe
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -[/b:c0879ab299][/list:u:c0879ab299]

    Herstart in safe mode en laat alle bestanden weergeven, verwijder deze indien aanwezig:
    [list:c0879ab299][b:c0879ab299]C:\PROGRAM FILES\MYWAY <— deze file
    C:\WINDOWS\TEMP <— leeg deze map
    C:\WINDOWS\SYSTEM\P2P NETWORKING <— deze map
    C:\WINDOWS\SYSTEM\twink64.exe <— deze file
    internat.dll <— deze file (waarschijnlijk in c:\windows of c:\windows\system32)
    p2esocks_1020.dll <— deze file waarschijnlijk in c:\windows of c:\windows system32)[/b:c0879ab299][/list:u:c0879ab299]

    herstart en post een nieuw logje,


    Je hebt trouwens wel een lading aan norton, gooi dat er eens af dan ben je van de meeste ellende verlost,
  • Ik zal op je vertrouwen pcguy maar ik zogoed als hetzelfde gedaan en toen gaf hij die bovenstaande foutmelding bij outlook.
  • Sorry voor het onderbreken Guy, maar er zit meer troep (adware/spyware/trojans) op de pc die je aangegeven hebt.. dus daarom deze aanvulling ;-)

    fixen in hijackthis:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.linksummary.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.linksummary.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jbzdynmzsgcadfligkieho.org/tLjBtE/T_ljvse5iGPLyICyCXYTe6QjssFiG86jxeVM.jsp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?np-hklm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gxjkzhrtuiaku.uk/tLjBtE/T_lhCgyfked30ON8MFJz/VdcR/MBXdqB6JkyVmnXfuajObKn244FBsNU0.asp
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\LBBHO.DLL
    O2 - BHO: Related Page - {B77143D5-552C-42AF-A5E6-8183FC72B9FE} - C:\WINDOWS\SYSTEM\WINNB42.DLL
    O2 - BHO: (no name) - {6D943E2C-EF6E-59E4-D1FE-DE51A86483D5} - C:\PROGRAM FILES\DELETEPILE\BROWSE JOY.EXE
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O3 - Toolbar: Related Page - {B77143D4-552C-42AF-A5E6-8183FC72B9FE} - C:\WINDOWS\SYSTEM\WINNB42.DLL
    O4 - HKLM\..\Run: [Erotracks] C:\WINDOWS\Erotracks.exe /quiet
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\Run: [Atom stop] C:\PROGRA~1\GRIDTO~1\idlecreative.exe
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
    O4 - HKLM\..\Run: [Plus program bias spam] C:\WINDOWS\Application Data\Globalaceplusprogram\The Cash.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile
    O4 - HKLM\..\Run: [ADULT_PLAYUT] C:\WINDOWS\ADULT_PLAYUT.EXE
    O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
    O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe
    O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\MSLAGENT.EXE
    O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://members.aol.com/mo92674/cam.cab
    O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://paradise.s-x.nl/exe/paradise/adultonlynl.exe
    O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://dialer.midhold.nl/31/erotracks/erotracks_plugin.exe
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F} (AuroraCtrl Class) - http://www.icebergradio.com/aurora/1.0.2.259/client.cab
    O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http:/
    d1.surfernetwork.com/surferplugin.ocx
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
    O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/nl/5/060190nl.exe
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar.com/cabs/875457.cab
    O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
    O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:
    osuch.mht!http://213.159.117.131/dl/dmitriy/x.chm::/load.exe
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://www.008i.com//x//f//96676/msits.exe
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1020_EN.cab
    O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.mtreexxx.nl/mt/dialers/fc/UniDist.CAB
    O21 - SSODL: System - {CE614E21-4FFE-4E84-98BB-1628017F6129} - C:\WINDOWS\system32\system32.dll

    Daarna pc opstarten in veilige mode en volgende manueel verwijderen:

    C:\WINDOWS\LBBHO.DLL
    C:\WINDOWS\SYSTEM\WINNB42.DLL
    C:\PROGRAM FILES\DELETEPILE\ <== deze map
    C:\PROGRAM FILES\MYWAY\ <== deze map
    C:\WINDOWS\Erotracks.exe
    C:\WINDOWS\SYSTEM\P2P NETWORKING <== deze map
    C:\PROGRAm files\GRIDTO~1 <==deze map
    C:\WINDOWS\SYSTEM\A.EXE
    C:\WINDOWS\Application Data\Globalaceplusprogram\ <==deze map
    C:\WINDOWS\ADULT_PLAYUT.EXE
    C:\Program Files\ClockSync <==deze map
    C:\Program Files\Forbes\ <==deze map
    C:\WINDOWS\mslagent\MSLAGENT.EXE
    C:\WINDOWS\system32\system32.dll

    kijk ook eens of C:\windows\secure.html aanwezig is en verwijder die ook.

    Succes. ;-)
  • Miekiemoes, volgens mij kijk je naar de 1e log ipv naar de 2e?
  • ow ja.. is juist.. hahaha.. thx. :oops: Dus ja, hetgeen je nog vindt in hijackthis en op je pc fixen.. :D
  • @miekemoes

    die oplossingen van jou gaan over mijn 1ste log toch?

    ik kan in de 2e die o.a. c:\windows\system\a.exe niet meer vinden
  • ja idd sander.. had de tweede log nl. niet gezien.. Kmoet dringend een bril kopen dus… :D
  • en het log weer
    [code:1:aeef6c40ea]
    Logfile of HijackThis v1.98.2
    Scan saved at 17:35:53, on 23-9-04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    D:\PROGRAM FILES\ROXIO\GOBACK\GBPOLL.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
    D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\DITASK.EXE
    C:\PROGRAM FILES\EICON TECHNOLOGY\DIVA MANAGEMENT SYSTEM\WATCH.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTTRAYAPP.EXE
    C:\WINDOWS\SYSTEM\HPOOPM07.EXE
    C:\WINDOWS\SYSTEM\GSICON.EXE
    E:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\PROGRAM FILES\SYMANTEC\NORTON COMMANDER\NC_SCHED.EXE
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE
    C:\WINDOWS\SYSTEM\DIINFO.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
    D:\PROGRAM FILES\ROXIO\GOBACK\GBTRAY.EXE
    D:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
    D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\SYSDOC32.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPODEV07.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOEVM07.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOSTS07.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    D:\MIJN DOCUMENTEBREASTCOLLARN\HIJACKTHIS.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [DiTask] "C:\WINDOWS\ditask.exe"
    O4 - HKLM\..\Run: [EICONCARD_DAEMON] "C:\Program Files\Eicon Technology\DIVA Management System\WATCH.EXE"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [GhostStartTrayApp] D:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [NPROTECT] D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [QD FastAndSafe] D:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
    O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] D:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    O4 - HKLM\..\RunServices: [NPROTECT] D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKLM\..\RunServices: [GoBack Polling Service] D:\Program Files\Roxio\GoBack\GBPoll.exe
    O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security\NISUM.EXE
    O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
    O4 - HKLM\..\RunServices: [GhostStartService] D:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
    O4 - HKCU\..\Run: [NC Scheduler] C:\PROGRAM FILES\SYMANTEC\NORTON COMMANDER\NC_SCHED.EXE /Hide
    O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe
    O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
    O4 - Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = D:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
    O4 - Startup: GoBack.lnk = D:\Program Files\Roxio\GoBack\GBTray.exe
    O4 - Startup: Norton System Doctor.lnk = D:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
    O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
    O4 - Startup: FlashTalk.lnk = C:\Program Files\Norton Internet Security\IAMSTATS.EXE
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O12 - Plugin for .mid: C:\PROGRA~1\Intern~1\PLUGINS
    pqtplugin.dll
    O12 - Plugin for .wav: C:\PROGRA~1\Intern~1\PLUGINS
    pqtplugin.dll
    O12 - Plugin for .BMP: C:\PROGRA~1\INTERN~1\PLUGINS
    pqtplugin.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS
    pqtplugin.dll
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F} (AuroraCtrl Class) - http://www.icebergradio.com/aurora/1.0.2.259/client.cab
    O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http:/
    d1.surfernetwork.com/surferplugin.ocx
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {8A0DCBDA-6E20-489C-9041-C1E8A0352E75} - http://download.getmirar.com/cabs/875457.cab
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1020_EN.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab


    [/code:1:aeef6c40ea]

    edit: de pc blijft om een verbinding vragen bij het opstarten..
  • deze is ook nog gerelateerd met adware:
    O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe

    verwijder daarna:
    C:\Program Files\Forbes\<==deze map

    welke melding krijg je juist bij het opstarten?
  • Gewoon zo'n venstertje met de inbelverbinding.

    er is dus iets wat verbinding wil maken met internet. alleen ik kan er niet achter komen wat


    edit

    Deze zijn veilig?

    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe

    en al die 012 en 016??
  • Volg de raad van Miekiemoes op en doe een online scan bij bitdefender: http://www.bitdefender.com/scan/licence.php

    Herstart en post een nieuwe log,
  • gsicon.exe is de ADSL modem monitor van Eicon Networks. Is eigenlijk niet echt noodzakelijk, het geeft enkel maar info wat betreft je connectie. Nu ja, je hoeft het niet te verwijderen.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.