Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Graag HijckThis Log bekijken a.u.b

M@rc
16 antwoorden
  • Veel problemen met internet, verkeerde startpagina.

    Harry
  • Logfile of HijackThis v1.97.7
    Scan saved at 10:03:29, on 30-12-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus
    avapsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    E:\D-Tools\daemon.exe
    C:\WINDOWS\system32\xpsp2fw.exe
    C:\WINDOWS\system32\C3egs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\E-Color\Common\IconMgr.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\WINDOWS\System32\devldr32.exe
    D:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:/
    ealsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/
    ealsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:/
    ealsearch.cc/?a=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/
    ealsearch.cc/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:/
    ealsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http:/
    ealsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/
    ealsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:/
    ealsearch.cc/?a=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:/
    ealsearch.cc/?a=2
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
    O4 - HKLM\..\Run: [gnwaltcglrjn] C:\WINDOWS\System32\mpubsi.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
    O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
    O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
    O4 - HKLM\..\Run: [CD3D4A8E] C:\WINDOWS\system32\C3egs.exe
    O4 - HKLM\..\Run: [A51CB9E3] C:\WINDOWS\system32\dbrtuhh.exe
    O4 - HKLM\..\Run: [FD28916E] C:\WINDOWS\system32\SOEAueng.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
    O4 - HKCU\..\Run: [CD3D4A8E] C:\WINDOWS\system32\C3egs.exe
    O4 - HKCU\..\Run: [A51CB9E3] C:\WINDOWS\system32\dbrtuhh.exe
    O4 - HKCU\..\Run: [FD28916E] C:\WINDOWS\system32\SOEAueng.exe
    O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk142XXUS
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://*.69sexsearch.com
    O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/download/8/B/E/8BE028EC-F134-4AA0-84AB-64F76D6B9842/wmsp9dmo.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://www.advnt01.com/dialer/olanda_ver3.CAB
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games22.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37882.4425115741
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://www.desktoplife.net/1014021.exe
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
  • Download cwshredder: http://cwshredder.net/bin/CWShredder.exe
    Laat hem scannen en fixen.

    Post daarna een hijackthislogje met de nieuwste versie van hijackthis:
    http://computercops.biz/downloads-file-328.html

    Sjaak
  • Heb je ook een andere Link naar het programma deze http://cwshredder.net/bin/CWShredder.exe werkt niet.
  • Ik heb je rad opgevolgd, hier onder staat de nieuwe log file.

    Logfile of HijackThis v1.99.0
    Scan saved at 19:12:19, on 30-12-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus
    avapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    E:\D-Tools\daemon.exe
    C:\WINDOWS\system32\xpsp2fw.exe
    C:\WINDOWS\system32\dbrtuhh.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\E-Color\Common\IconMgr.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Download\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:/
    ealsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http:/
    ealsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/
    ealsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:/
    ealsearch.cc/?a=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/
    ealsearch.cc/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/
    ealsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:/
    ealsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:/
    ealsearch.cc/?a=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:/
    ealsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http:/
    ealsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http:/
    ealsearch.cc/?a=2
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
    O4 - HKLM\..\Run: [gnwaltcglrjn] C:\WINDOWS\System32\mpubsi.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
    O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
    O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
    O4 - HKLM\..\Run: [CD3D4A8E] C:\WINDOWS\system32\C3egs.exe
    O4 - HKLM\..\Run: [A51CB9E3] C:\WINDOWS\system32\dbrtuhh.exe
    O4 - HKLM\..\Run: [FD28916E] C:\WINDOWS\system32\SOEAueng.exe
    O4 - HKLM\..\Run: [CEF0FE5B] C:\WINDOWS\system32\vxryacms.exe
    O4 - HKLM\..\Run: [C9C1D8CE] C:\WINDOWS\system32\dircmpenb3.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
    O4 - HKCU\..\Run: [CD3D4A8E] C:\WINDOWS\system32\C3egs.exe
    O4 - HKCU\..\Run: [A51CB9E3] C:\WINDOWS\system32\dbrtuhh.exe
    O4 - HKCU\..\Run: [FD28916E] C:\WINDOWS\system32\SOEAueng.exe
    O4 - HKCU\..\Run: [CEF0FE5B] C:\WINDOWS\system32\vxryacms.exe
    O4 - HKCU\..\Run: [C9C1D8CE] C:\WINDOWS\system32\dircmpenb3.exe
    O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk142XXUS
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://*.69sexsearch.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://www.advnt01.com/dialer/olanda_ver3.CAB
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games22.cab
    O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://www.desktoplife.net/1014021.exe
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus
    avapsvc.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  • Begin maar met volgende items te fixen:

    [b:b925bdb227]R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:/
    ealsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http:/
    ealsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/
    ealsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:/
    ealsearch.cc/?a=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/
    ealsearch.cc/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/
    ealsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:/
    ealsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:/
    ealsearch.cc/?a=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:/
    ealsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http:/
    ealsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http:/
    ealsearch.cc/?a=2
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [gnwaltcglrjn] C:\WINDOWS\System32\mpubsi.exe
    O4 - HKLM\..\Run: [CD3D4A8E] C:\WINDOWS\system32\C3egs.exe
    O4 - HKLM\..\Run: [A51CB9E3] C:\WINDOWS\system32\dbrtuhh.exe
    O4 - HKLM\..\Run: [FD28916E] C:\WINDOWS\system32\SOEAueng.exe
    O4 - HKLM\..\Run: [CEF0FE5B] C:\WINDOWS\system32\vxryacms.exe
    O4 - HKCU\..\Run: [CD3D4A8E] C:\WINDOWS\system32\C3egs.exe
    O4 - HKCU\..\Run: [A51CB9E3] C:\WINDOWS\system32\dbrtuhh.exe
    O4 - HKCU\..\Run: [FD28916E] C:\WINDOWS\system32\SOEAueng.exe
    O4 - HKCU\..\Run: [CEF0FE5B] C:\WINDOWS\system32\vxryacms.exe
    O4 - HKCU\..\Run: [C9C1D8CE] C:\WINDOWS\system32\dircmpenb3.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk142XXUS

    O15 - Trusted Zone: http://*.69sexsearch.com [/b:b925bdb227]


    Sjaak
  • Momentje, bovengaande fix is niet juist.
    Ik knutsel een nieuwe in elkaar.
  • Zorg dat alle verborgen bestanden weergegeven worden.

    Ga naar Configuratiescherm - Software - Programma's wijzigen of verwijderen. Deïnstalleer indien aanwezig de volgende programma's:
    VBouncer
    Windows ServeAd]
    Windows ControlAd
    My Web Search Bar of My Search Bar en Fun Web Products Easy Installer

    Start de computer in veilige modus.

    Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren:
    [b:5df1a18481]
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:/
    ealsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http:/
    ealsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/
    ealsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:/
    ealsearch.cc/?a=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/
    ealsearch.cc/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/
    ealsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:/
    ealsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:/
    ealsearch.cc/?a=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:/
    ealsearch.cc/?a=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http:/
    ealsearch.cc/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http:/
    ealsearch.cc/?a=2

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)

    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
    O4 - HKLM\..\Run: [gnwaltcglrjn] C:\WINDOWS\System32\mpubsi.exe
    O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
    O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
    O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
    O4 - HKLM\..\Run: [CD3D4A8E] C:\WINDOWS\system32\C3egs.exe
    O4 - HKLM\..\Run: [A51CB9E3] C:\WINDOWS\system32\dbrtuhh.exe
    O4 - HKLM\..\Run: [FD28916E] C:\WINDOWS\system32\SOEAueng.exe
    O4 - HKLM\..\Run: [CEF0FE5B] C:\WINDOWS\system32\vxryacms.exe
    O4 - HKLM\..\Run: [C9C1D8CE] C:\WINDOWS\system32\dircmpenb3.exe
    O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
    O4 - HKCU\..\Run: [CD3D4A8E] C:\WINDOWS\system32\C3egs.exe
    O4 - HKCU\..\Run: [A51CB9E3] C:\WINDOWS\system32\dbrtuhh.exe
    O4 - HKCU\..\Run: [FD28916E] C:\WINDOWS\system32\SOEAueng.exe
    O4 - HKCU\..\Run: [CEF0FE5B] C:\WINDOWS\system32\vxryacms.exe
    O4 - HKCU\..\Run: [C9C1D8CE] C:\WINDOWS\system32\dircmpenb3.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

    O15 - Trusted Zone: http://*.69sexsearch.com

    O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} (VacPro.olanda_ver3) - http://www.advnt01.com/dialer/olanda_ver3.CAB
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-nl/nl/games22.cab
    O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://www.desktoplife.net/1014021.exe
    [/b:5df1a18481]

    Verwijder de volgende bestanden en/of mappen indien aanwezig:
    C:\PROGRA~1\VBOUNCER
    C:\Program Files\Windows ServeAd
    C:\Program Files\Windows ControlAd
    C:\Program Files\MyWebSearch

    C:\WINDOWS\System32\mpubsi.exe
    C:\WINDOWS\system32\C3egs.exe
    C:\WINDOWS\system32\dbrtuhh.exe
    C:\WINDOWS\system32\SOEAueng.exe
    C:\WINDOWS\system32\vxryacms.exe
    C:\WINDOWS\system32\dircmpenb3.exe
    C:\WINDOWS\system32\wuclient.exe
    C:\WINDOWS\system32\C3egs.exe
    C:\WINDOWS\system32\dbrtuhh.exe
    C:\WINDOWS\system32\SOEAueng.exe
    C:\WINDOWS\system32\vxryacms.exe
    C:\WINDOWS\system32\dircmpenb3.exe

    Reboot de computer, run HijackThis opnieuw en post een nieuwe log.
  • Ik geloof dat het weer goed is, Hartelijk dank voor de hulp.

    en een goede Jaarwisseling!!
    Harry

    hier nog even de log file

    Logfile of HijackThis v1.97.7
    Scan saved at 15:22:01, on 31-12-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus
    avapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    E:\D-Tools\daemon.exe
    C:\WINDOWS\system32\pmslesv.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\E-Color\Common\IconMgr.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AB9156FB] C:\WINDOWS\system32\pmslesv.exe
    O4 - HKLM\..\Run: [A12293F3] C:\WINDOWS\system32\rof10anm.exe
    O4 - HKLM\..\Run: [9C3C164E] C:\WINDOWS\system32\mseds.exe
    O4 - HKLM\..\Run: [ED1C2E53] C:\WINDOWS\system32\ilavc.exe
    O4 - HKLM\..\Run: [CD3D4A8E] C:\WINDOWS\system32\C3egs.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [AB9156FB] C:\WINDOWS\system32\pmslesv.exe
    O4 - HKCU\..\Run: [A12293F3] C:\WINDOWS\system32\rof10anm.exe
    O4 - HKCU\..\Run: [9C3C164E] C:\WINDOWS\system32\mseds.exe
    O4 - HKCU\..\Run: [ED1C2E53] C:\WINDOWS\system32\ilavc.exe
    O4 - HKCU\..\Run: [CD3D4A8E] C:\WINDOWS\system32\C3egs.exe
    O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk142XXUS
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://*.69sexsearch.com
    O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/download/8/B/E/8BE028EC-F134-4AA0-84AB-64F76D6B9842/wmsp9dmo.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37882.4425115741
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
  • Harry,

    Gebruik de nieuwste versie van HijackThis om onderstaande te fixen. (laatste logje is gemaakt met een oudere versie.)

    Zorg dat alle verborgen bestanden weergegeven worden.

    Start de computer in veilige modus.

    Sluit alle open vensters, run HijackThis nog een keer en laat volgende items repareren:
    [b:709d2a7b63]
    O4 - HKLM\..\Run: [AB9156FB] C:\WINDOWS\system32\pmslesv.exe
    O4 - HKLM\..\Run: [A12293F3] C:\WINDOWS\system32\rof10anm.exe
    O4 - HKLM\..\Run: [9C3C164E] C:\WINDOWS\system32\mseds.exe
    O4 - HKLM\..\Run: [ED1C2E53] C:\WINDOWS\system32\ilavc.exe
    O4 - HKLM\..\Run: [CD3D4A8E] C:\WINDOWS\system32\C3egs.exe

    O4 - HKCU\..\Run: [AB9156FB] C:\WINDOWS\system32\pmslesv.exe
    O4 - HKCU\..\Run: [A12293F3] C:\WINDOWS\system32\rof10anm.exe
    O4 - HKCU\..\Run: [9C3C164E] C:\WINDOWS\system32\mseds.exe
    O4 - HKCU\..\Run: [ED1C2E53] C:\WINDOWS\system32\ilavc.exe
    O4 - HKCU\..\Run: [CD3D4A8E] C:\WINDOWS\system32\C3egs.exe
    [/b:709d2a7b63]

    Verwijder de volgende bestanden en/of mappen indien aanwezig:
    C:\WINDOWS\system32\pmslesv.exe
    C:\WINDOWS\system32\rof10anm.exe
    C:\WINDOWS\system32\mseds.exe
    C:\WINDOWS\system32\ilavc.exe
    C:\WINDOWS\system32\C3egs.exe

    Reboot de computer, run HijackThis opnieuw en post een nieuwe log.
    Lukt er iets niet, meldt dit dan even.

    Marc
  • Volgens mij mag deze ook worden gefixed:

    [b:1a9493ae28]O15 - Trusted Zone: http://*.69sexsearch.com[/b:1a9493ae28]

    Sjaak
  • Gemist. :oops:
    Bedankt Sjaak.
    Voeg deze ook maar toe Harry.
  • volgens mij heb je deze ook gemist m@rc

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk142XXUS
  • Het heeft even geduurd maar hier is de gerepareerde log file.

    gr Harry

    En iedereen een goed 2005 gewenst.

    Logfile of HijackThis v1.99.0
    Scan saved at 20:10:09, on 3-1-2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus
    avapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    E:\D-Tools\daemon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\E-Color\Common\IconMgr.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Download\hijackthis\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http:/
    ealsearch.cc/?a=2
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\D-Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk142XXUS
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://*.69sexsearch.com
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus
    avapsvc.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  • Fix deze met HijackThis:
    [b:d4c20455bd]
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http:/
    ealsearch.cc/?a=2

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk142XXUS

    [/b:d4c20455bd]
    Download DelDomains.inf.
    Rechtsklik er op en kies voor installeren.

    Herstart de computer en plaats een nieuwe Hijackthislog.
  • hoi Marc

    daar was ik weer met een niieuwe logfile,
    Logfile of HijackThis v1.99.0
    Scan saved at 20:39:23, on 3-1-2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Norton AntiVirus
    avapsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    E:\D-Tools\daemon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\E-Color\Common\IconMgr.exe
    C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Messenger\msmsgs.exe
    E:\Download\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\D-Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus
    avapsvc.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.