Vraag & Antwoord

Beveiliging & privacy

Spoedcheck Hijack logfile

12 antwoorden
  • Logfile of HijackThis v1.98.2 Scan saved at 20:36:00, on 31-10-2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\sstray.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE C:\WINDOWS\SOINTGR.EXE C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\CyberLink\PowerVCRII\Agent.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\WINDOWS\system32\drivers\SndMon32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\srv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ASUS\ASUS FM Radio\ezagent.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe c:\Program Files\Internet Explorer\IEXPLORE.EXE c:\Program Files\Internet Explorer\IEXPLORE.EXE C:\hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.home.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/First2Enter/Portal/portal.html R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {21B88386-6FC8-15DF-E49D-9A6934EFDA19} - C:\DOCUME~1\Avital\APPLIC~1\WINDOW~1\This Warn.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {7A7B7620-F216-1187-B2A4-818FF03A42D5} - C:\PROGRA~1\WIA9D8~1\This Warn.exe (file missing) O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE O4 - HKLM\..\Run: [IW Controlcenter] C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE O4 - HKLM\..\Run: [Agent] C:\Program Files\CyberLink\PowerVCRII\Agent.exe O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [eMusicClient] C:\Program Files\Winamp\eMusic\eMusicClient.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [RealSurfSaveChin] C:\Documents and Settings\All Users\Application Data\DebugDoesRealSurf\Rect ace.exe O4 - HKLM\..\Run: [SndMon32] C:\WINDOWS\system32\drivers\SndMon32.exe O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [EachFreeSizeFor] C:\Documents and Settings\All Users\Application Data\Burn2eachfree\Setup time.exe O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\srv.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EzAgent] C:\Program Files\ASUS\ASUS FM Radio\ezagent.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game12.zylomgames.com/activex/zylomloader.cab
  • Als het spoed is moet je een priority zegel op plakken. [img:7788b47ddf]http://users.skynet.be/bk329292/Priority.jpg[/img:7788b47ddf]
  • Druk op CTRL+ALT+DEL om Windows Taakbeheer te openen. Ga naar het tabblad processen en beëindig de volgende processen: MsgPlus.exe srv.exe Ga naar Configuratiescherm - Software - Programma's wijzigen of verwijderen. Deïnstalleer Messengerplus Switch New.net Application NewDotNet (Domains) Kijk ook of je 1 van de volgende programma’s tegenkomt tussen de geïnstalleerde softwarelijst: Lop.com LOP SEARCH Window Searching Window Active Browser Enhancer Ultimate Browser Enhancer Indien aanwezig deïnstalleer deze ook. Run nadien deze 2 uninstallers: http://lop.com/new_uninstall.exe http://lop.com/toolbar_uninstall.exe Kan je de uninstallers niet downloaden gebruik dan deze alternatieven : http://members.rogers.com/rjmac/toolbar_uninstall.exe http://members.rogers.com/rjmac/new_uninstall.exe Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren: [b:6789198028] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/First2Enter/Portal/portal.html O2 - BHO: (no name) - {21B88386-6FC8-15DF-E49D-9A6934EFDA19} - C:\DOCUME~1\Avital\APPLIC~1\WINDOW~1\This Warn.exe O2 - BHO: (no name) - {7A7B7620-F216-1187-B2A4-818FF03A42D5} - C:\PROGRA~1\WIA9D8~1\This Warn.exe (file missing) O4 - HKLM\..\Run: [RealSurfSaveChin] C:\Documents and Settings\All Users\Application Data\DebugDoesRealSurf\Rect ace.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s O4 - HKLM\..\Run: [EachFreeSizeFor] C:\Documents and Settings\All Users\Application Data\Burn2eachfree\Setup time.exe O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\srv.exe O4 - HKLM\..\Run: [eMusicClient] C:\Program Files\Winamp\eMusic\eMusicClient.exe O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm [/b:6789198028] Als je dit gedaan hebt [url=http://users.pandora.be/marcvn/spyware/1378056.htm]start je de computer op in veilige modus[/url]. Zorg dat alle [url=http://users.pandora.be/marcvn/spyware/1117602.htm]verborgen bestanden weergegeven worden[/url], en verwijder de volgende bestanden of mappen indien aanwezig: C:\Documents and Settings\All Users\Application Data\DebugDoesRealSurf <--deze map C:\DOCUME~1\Avital\APPLIC~1\WINDOW~1 <--deze map C:\PROGRA~1\NEWDOTNET <---deze map C:\Documents and Settings\All Users\Application Data\Burn2eachfree <--deze map C:\WINDOWS\System32\srv.exe <--dit bestand C:\Program Files\Winamp\eMusic <--deze map c:\program files\First2Enter <--deze map Reboot de computer, run HijackThis opnieuw en post een nieuwe log. Dit bestand laat je scannen bij Kaspersky: http://www.kaspersky.com/remoteviruschk.html C:\WINDOWS\system32\drivers\SndMon32.exe <--dit bestand Meldt het resultaat. edit: Waarom spoed? Iedereen wil toch vlug van zijn malware af?
  • Scanned file: SndMon32.exe SndMon32.exe - packed with UPX SndMon32.exe - OK Logfile of HijackThis v1.98.2 Scan saved at 22:00:43, on 31-10-2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\sstray.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE C:\WINDOWS\SOINTGR.EXE C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE C:\Program Files\CyberLink\PowerVCRII\Agent.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\WINDOWS\system32\drivers\SndMon32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ASUS\ASUS FM Radio\ezagent.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Steam\Steam.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\hijack\HijackThis.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xzhoowaypufu.com/G53Mc597iikTD2C101MUNzw332NY8BHWPfUtQLDmT9mGNaMOfRlyyYtPq64Tt0Hm.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamehol.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/First2Enter/Portal/portal.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://mysearchnow.com/passthrough/index.html?http://www.gamehol.nl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE O4 - HKLM\..\Run: [IW Controlcenter] C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE O4 - HKLM\..\Run: [Agent] C:\Program Files\CyberLink\PowerVCRII\Agent.exe O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [SndMon32] C:\WINDOWS\system32\drivers\SndMon32.exe O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EzAgent] C:\Program Files\ASUS\ASUS FM Radio\ezagent.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [grimstupid] C:\DOCUME~1\Avital\APPLIC~1\THATLI~1\Dashone.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game12.zylomgames.com/activex/zylomloader.cab p.s. Spoed omdat ik hier een andermans PC scan en niet lang hier ben. Maar inderdaad iedereen wil er snel vanaf. :wink:
  • Heb je Messengerplus gedeïnstalleerd zoals ik gevraagd had? Heb je die uninstallers gerund?
  • Messengerplus waren ze erg aan gehecht en de uninstallers werkten niet P.s. hoe betrouwbaar is MBM??? die geeft nogal hoge temps aan
  • Bull. Hier stopt met spoed de ondersteuning, Marc? ;)
  • [quote:9c02ff5596="waardd"]Messengerplus waren ze erg aan gehecht en de uninstallers werkten niet[/quote:9c02ff5596] Messengerplus is de oorzaak van het probleem. Ik geef je een fix, met backup voor als bepaalde zaken niet werken, zodat je probleem toch opgelost wordt... Doe wat ik aangeef, anders zijn we volgende maand nog bezig... Wanneer alles clean is kan je Messengerplus opnieuw installeren. Maar je kiest dan voor een installatie [b:9c02ff5596]zonder sponsors[/b:9c02ff5596]....
  • [quote:e0f0506f70="=Rieske="]Bull. Hier stopt met spoed de ondersteuning, Marc? ;)[/quote:e0f0506f70] Snap je dit nu Richard?? Vragen ze hulp, doen ze niet wat je vraagt... :wink:
  • Dit was niet om iemand aan te vallen ik liet het hier gewoon weten. Ik laat de instructies hier achter en ze gaan aan de slag en halen Plus er dus wel vanaf. Het is dus niet dat ik jullie hulp niet waardeer, in tegenstelling juist. Ik dank jullie dus na alweer van harte en hoop niet dat ik tegen een verkeerd been heb geschopt. Als dat zo is mijn excuses.
  • Ach, morgen weer maandag.
  • Hallo waardd, Die instructies worden niet voor niets gegeven. We steken daar best wat tijd in om een zo goed mogelijke fix in elkaar te steken. Belangrijk is dan dat er ook gedaan wordt wat we vragen, anders blijf je bezig. Hier had ik al vlug door, dat er iets niet klopte, maar voor hetzelfde geld steek ik (of iemand) er weer wat tijd in om een andere fix in elkaar te knutselen. En dat laatste is echt de bedoeling niet... Volg de instructies, reboot, maak een nieuwe hijackthislog en post hem. groeten, Marc

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.