HijackThis log

11 answers
  • Dear all, for some time now I have been getting the following error message; it appears whenever I open a new window on the internet. "Notice: IF your computer has errors in the registry database or file systym, it could cause unpredictabe or erratic behavior, freezes and crashes. Fixing these errors can increase your computer's performance and prevent data loss. Would you like to install WinFixer 2005 to check your computer for free? (recommended)" I know that WinFixer does not live up to its name, and I have found out online that a HijackThis log can track down the problem. Who would be willing to look at the log below and point out what the problem is? (PS: I have already checked the computer for viruses and spyware several times.)

    Logfile of HijackThis v1.99.1
    Scan saved at 18:41:01, on 8-8-2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BearShare\BearShare.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\stickies\stickies.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\Leon\Mijn documenten\Mijn ontvangen bestanden\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ctenschede.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O2 - BHO: (no name) - {E3C0031E-7F9D-4C9A-A077-325BCC1D8493} - C:\WINDOWS\System32\jmea.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
    O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG1
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://edapp01.saxion.nl/qp2.cab
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://ebmsg04.saxion.nl/iNotes6W.cab
    O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\gqedit.dll
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

    Thanks in advance, Leon :D
  • Download and install CCleaner (http://www.ccleaner.com/). Do not use it yet. Click Start -> Control Panel -> Add or Remove Programs. Check whether any of the following programs are in the list:

    MyWay Speed Bar
    My Search Bar
    My Web Search Bar
    Fun Web Products Easy Installer

    Uninstall this software. Also uninstall the following program: BearShare. There are better P2P programs. Have a look at the following site (in English): http://www.spywareinfo.com/articles/p2p/

    Download L2mfix from one of the locations below:
    http://www.atribune.org/downloads/l2mfix.exe
    http://www.downloads.subratam.org/l2mfix.exe

    Save the file to your desktop. Click l2mfix.exe. Click "Accept". Make sure the l2mfix folder is placed on your desktop. Click "Install". On your desktop, open the l2mfix folder. Click l2mfix.bat. Click "1" to select option 1: Run Find Log. This will take a while. After some time a Notepad file will open. Copy the contents of that log and post it. Post a new HijackThis log at the same time. Sjaak
  • this is what I came across in terms of bad files:

    C:\Program Files\stickies\stickies.exe
    O2 - BHO: (no name) - {E3C0031E-7F9D-4C9A-A077-325BCC1D8493} - C:\WINDOWS\System32\jmea.dll (file missing)
    O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154

    wtf is stickies, I'd say delete the lot. And you can also see that you're troubled by toolbars. Also have a quick look at Start > Run > msconfig and disable stickies and that shit, including the My Search Bar stuff
  • @nelis44 These are stickies: http://www.zdnet.be/downloads.cfm?id=31008 Here we try to rid a computer of malware through normal instructions. When in doubt, the topic starter can always answer what the program stickies might be. Sjaak
  • Thank you
  • Sjaak, the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:38:06, on 9-8-2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\stickies\stickies.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Leon\Mijn documenten\Mijn ontvangen bestanden\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ctenschede.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O2 - BHO: (no name) - {E3C0031E-7F9D-4C9A-A077-325BCC1D8493} - C:\WINDOWS\System32\jmea.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://edapp01.saxion.nl/qp2.cab
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://ebmsg04.saxion.nl/iNotes6W.cab
    O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\gqedit.dll
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

    and the L2MFIX log
  • I had asked you to uninstall 2 programs. Did you actually do that? Double-click l2mfix.bat. Click "2" to select option 2: Run Fix. Press Enter. Press a key to restart the computer when prompted. After the reboot the icons will appear on your desktop. They will disappear again (that is normal). L2mfix will scan your computer. When it is finished, a new Notepad file will open. Copy the contents of that log together with a new HijackThis log.
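Added example, not part of the thread: a Python sketch that compares the two HijackThis logs posted above (8-8-2005 and 9-8-2005, excerpted here) and reports which entries disappeared, which appeared, and which only changed name while pointing at the same file. The function names and the watch-list terms are assumptions made for this example.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section text target")

# HijackThis result lines look like "O4 - <description>"; the prefix is the section code.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# File or URL the entry points at, used to recognise one item under a new name.
TARGET_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|htm)\b|https?://\S+)', re.I)

# Excerpts copied from the two logs in this thread (not the full logs).
LOG_8_AUG = r"""
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG1
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\gqedit.dll
"""

LOG_9_AUG = r"""
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\gqedit.dll
"""


def parse_log(log):
    """Return the result entries of a HijackThis log, skipping header and process lines."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        t = TARGET_RE.search(m.group(2))
        entries.append(Entry(m.group(1), m.group(2), t.group(1).lower() if t else None))
    return entries


def diff_logs(before, after):
    """Split the changes between two logs into removed, added and renamed entries."""
    old = {(e.section, e.text): e for e in parse_log(before)}
    new = {(e.section, e.text): e for e in parse_log(after)}
    removed = [old[k] for k in old if k not in new]
    added = [new[k] for k in new if k not in old]
    renamed = []
    # Same section and same target under a different label: the item is still
    # loaded, only its displayed name changed between the two scans.
    for gone in list(removed):
        for came in list(added):
            if gone.section == came.section and gone.target and gone.target == came.target:
                renamed.append((gone, came))
                removed.remove(gone)
                added.remove(came)
                break
    return removed, added, renamed


def still_listed(log, names):
    """Entries in a log that still mention any of the given program names."""
    wanted = [n.lower() for n in names]
    return [e for e in parse_log(log) if any(n in e.text.lower() for n in wanted)]


if __name__ == "__main__":
    removed, added, renamed = diff_logs(LOG_8_AUG, LOG_9_AUG)
    for e in removed:
        print("gone:    ", e.section, e.text)
    for e in added:
        print("new:     ", e.section, e.text)
    for gone, came in renamed:
        print("renamed: ", gone.section, gone.text, "->", came.text)
    # Watch-list terms chosen for this example from the programs named in the thread.
    for e in still_listed(LOG_9_AUG, ["bearshare", "myway"]):
        print("present: ", e.section, e.text)
```
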
  • Yes, I have removed BearShare and My Search Bar. L2Mfix log
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (CI) DENY --C------- INGEBOUWD\Administrators (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-NI) ALLOW Read INGEBOUWD\Gebruikers (ID-IO) ALLOW Read INGEBOUWD\Gebruikers (ID-NI) ALLOW Read INGEBOUWD\Hoofdgebruikers (ID-IO) ALLOW Read INGEBOUWD\Hoofdgebruikers (ID-NI) ALLOW Full access INGEBOUWD\Administrators (ID-IO) ALLOW Full access INGEBOUWD\Administrators (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access MAKER EIGENAAR Setting up for Reboot Starting Reboot! C:\Documents and Settings\Leon\Bureaublad\l2mfix System Rebooted! Running From: C:\Documents and Settings\Leon\Bureaublad\l2mfix killing explorer and rundll32.exe Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1260 'explorer.exe' Killing PID 1260 'explorer.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1496 'rundll32.exe' Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! Backing Up: C:\WINDOWS\system32\bRsesrv.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\bRsesrv.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\utpnpmgr.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\utpnpmgr.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\dqnhpast.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\dqnhpast.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\rhcdll.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\rhcdll.dll 1 bestand(en) gekopieerd. 
Backing Up: C:\WINDOWS\system32\kfdtuf.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\kfdtuf.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\dksrslvr.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\dksrslvr.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\nbdsapi.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\nbdsapi.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\eaentcls.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\eaentcls.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\mxvidc32.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\mxvidc32.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\suripto.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\suripto.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\subrccsp.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\subrccsp.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\vvdex.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\vvdex.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\uutfs.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\uutfs.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\muxoci.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\muxoci.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\gqedit.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\gqedit.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\decompos.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\decompos.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\rXsser.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\rXsser.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\oupdx32.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\oupdx32.dll 1 bestand(en) gekopieerd. 
Backing Up: C:\WINDOWS\system32\mcsec.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\mcsec.dll 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\guard.tmp 1 bestand(en) gekopieerd. Backing Up: C:\WINDOWS\system32\guard.tmp 1 bestand(en) gekopieerd. deleting: C:\WINDOWS\system32\bRsesrv.dll Successfully Deleted: C:\WINDOWS\system32\bRsesrv.dll deleting: C:\WINDOWS\system32\bRsesrv.dll Successfully Deleted: C:\WINDOWS\system32\bRsesrv.dll deleting: C:\WINDOWS\system32\utpnpmgr.dll Successfully Deleted: C:\WINDOWS\system32\utpnpmgr.dll deleting: C:\WINDOWS\system32\utpnpmgr.dll Successfully Deleted: C:\WINDOWS\system32\utpnpmgr.dll deleting: C:\WINDOWS\system32\dqnhpast.dll Successfully Deleted: C:\WINDOWS\system32\dqnhpast.dll deleting: C:\WINDOWS\system32\dqnhpast.dll Successfully Deleted: C:\WINDOWS\system32\dqnhpast.dll deleting: C:\WINDOWS\system32\rhcdll.dll Successfully Deleted: C:\WINDOWS\system32\rhcdll.dll deleting: C:\WINDOWS\system32\rhcdll.dll Successfully Deleted: C:\WINDOWS\system32\rhcdll.dll deleting: C:\WINDOWS\system32\kfdtuf.dll Successfully Deleted: C:\WINDOWS\system32\kfdtuf.dll deleting: C:\WINDOWS\system32\kfdtuf.dll Successfully Deleted: C:\WINDOWS\system32\kfdtuf.dll deleting: C:\WINDOWS\system32\dksrslvr.dll Successfully Deleted: C:\WINDOWS\system32\dksrslvr.dll deleting: C:\WINDOWS\system32\dksrslvr.dll Successfully Deleted: C:\WINDOWS\system32\dksrslvr.dll deleting: C:\WINDOWS\system32\nbdsapi.dll Successfully Deleted: C:\WINDOWS\system32\nbdsapi.dll deleting: C:\WINDOWS\system32\nbdsapi.dll Successfully Deleted: C:\WINDOWS\system32\nbdsapi.dll deleting: C:\WINDOWS\system32\eaentcls.dll Successfully Deleted: C:\WINDOWS\system32\eaentcls.dll deleting: C:\WINDOWS\system32\eaentcls.dll Successfully Deleted: C:\WINDOWS\system32\eaentcls.dll deleting: C:\WINDOWS\system32\mxvidc32.dll Successfully Deleted: C:\WINDOWS\system32\mxvidc32.dll deleting: C:\WINDOWS\system32\mxvidc32.dll Successfully Deleted: 
C:\WINDOWS\system32\mxvidc32.dll deleting: C:\WINDOWS\system32\suripto.dll Successfully Deleted: C:\WINDOWS\system32\suripto.dll deleting: C:\WINDOWS\system32\suripto.dll Successfully Deleted: C:\WINDOWS\system32\suripto.dll deleting: C:\WINDOWS\system32\subrccsp.dll Successfully Deleted: C:\WINDOWS\system32\subrccsp.dll deleting: C:\WINDOWS\system32\subrccsp.dll Successfully Deleted: C:\WINDOWS\system32\subrccsp.dll deleting: C:\WINDOWS\system32\vvdex.dll Successfully Deleted: C:\WINDOWS\system32\vvdex.dll deleting: C:\WINDOWS\system32\vvdex.dll Successfully Deleted: C:\WINDOWS\system32\vvdex.dll deleting: C:\WINDOWS\system32\uutfs.dll Successfully Deleted: C:\WINDOWS\system32\uutfs.dll deleting: C:\WINDOWS\system32\uutfs.dll Successfully Deleted: C:\WINDOWS\system32\uutfs.dll deleting: C:\WINDOWS\system32\muxoci.dll Successfully Deleted: C:\WINDOWS\system32\muxoci.dll deleting: C:\WINDOWS\system32\muxoci.dll Successfully Deleted: C:\WINDOWS\system32\muxoci.dll deleting: C:\WINDOWS\system32\gqedit.dll Successfully Deleted: C:\WINDOWS\system32\gqedit.dll deleting: C:\WINDOWS\system32\gqedit.dll Successfully Deleted: C:\WINDOWS\system32\gqedit.dll deleting: C:\WINDOWS\system32\decompos.dll Successfully Deleted: C:\WINDOWS\system32\decompos.dll deleting: C:\WINDOWS\system32\decompos.dll Successfully Deleted: C:\WINDOWS\system32\decompos.dll deleting: C:\WINDOWS\system32\rXsser.dll Successfully Deleted: C:\WINDOWS\system32\rXsser.dll deleting: C:\WINDOWS\system32\rXsser.dll Successfully Deleted: C:\WINDOWS\system32\rXsser.dll deleting: C:\WINDOWS\system32\oupdx32.dll Successfully Deleted: C:\WINDOWS\system32\oupdx32.dll deleting: C:\WINDOWS\system32\oupdx32.dll Successfully Deleted: C:\WINDOWS\system32\oupdx32.dll deleting: C:\WINDOWS\system32\mcsec.dll Successfully Deleted: C:\WINDOWS\system32\mcsec.dll deleting: C:\WINDOWS\system32\mcsec.dll Successfully Deleted: C:\WINDOWS\system32\mcsec.dll deleting: C:\WINDOWS\system32\guard.tmp Successfully Deleted: 
C:\WINDOWS\system32\guard.tmp deleting: C:\WINDOWS\system32\guard.tmp Successfully Deleted: C:\WINDOWS\system32\guard.tmp Desktop.ini sucessfully removed Zipping up files for submission: adding: bRsesrv.dll (deflated 48%) adding: utpnpmgr.dll (deflated 48%) adding: dqnhpast.dll (deflated 48%) adding: rhcdll.dll (deflated 48%) adding: kfdtuf.dll (deflated 48%) adding: dksrslvr.dll (deflated 48%) adding: nbdsapi.dll (deflated 48%) adding: eaentcls.dll (deflated 48%) adding: mxvidc32.dll (deflated 48%) adding: suripto.dll (deflated 48%) adding: subrccsp.dll (deflated 48%) adding: vvdex.dll (deflated 48%) adding: uutfs.dll (deflated 48%) adding: muxoci.dll (deflated 48%) adding: gqedit.dll (deflated 48%) adding: decompos.dll (deflated 48%) adding: rXsser.dll (deflated 48%) adding: oupdx32.dll (deflated 48%) adding: mcsec.dll (deflated 48%) adding: guard.tmp (deflated 48%) adding: echo.reg (deflated 9%) adding: clear.reg (deflated 22%) adding: desktop.ini (stored 0%) adding: readme.txt (deflated 49%) adding: direct.txt (stored 0%) adding: report.txt (deflated 65%) adding: lo2.txt (deflated 88%) adding: test2.txt (stored 0%) adding: test3.txt (stored 0%) adding: test5.txt (stored 0%) adding: test.txt (deflated 89%) adding: xfind.txt (deflated 86%) adding: backregs/shell.reg (deflated 73%) adding: backregs/886D5BAA-1FEA-479D-9FB2-1B8F9F5C3DC3.reg (deflated 70%) Restoring Registry Permissions: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Revoking access for predefined group "Administrators" Inherited ACE can not be revoked here! Inherited ACE can not be revoked here! Registry permissions set too: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! 
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-NI) ALLOW Read INGEBOUWD\Gebruikers (ID-IO) ALLOW Read INGEBOUWD\Gebruikers (ID-NI) ALLOW Read INGEBOUWD\Hoofdgebruikers (ID-IO) ALLOW Read INGEBOUWD\Hoofdgebruikers (ID-NI) ALLOW Full access INGEBOUWD\Administrators (ID-IO) ALLOW Full access INGEBOUWD\Administrators (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access MAKER EIGENAAR Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administrators ... successful deleting local copy: bRsesrv.dll deleting local copy: bRsesrv.dll deleting local copy: utpnpmgr.dll deleting local copy: utpnpmgr.dll deleting local copy: dqnhpast.dll deleting local copy: dqnhpast.dll deleting local copy: rhcdll.dll deleting local copy: rhcdll.dll deleting local copy: kfdtuf.dll deleting local copy: kfdtuf.dll deleting local copy: dksrslvr.dll deleting local copy: dksrslvr.dll deleting local copy: nbdsapi.dll deleting local copy: nbdsapi.dll deleting local copy: eaentcls.dll deleting local copy: eaentcls.dll deleting local copy: mxvidc32.dll deleting local copy: mxvidc32.dll deleting local copy: suripto.dll deleting local copy: suripto.dll deleting local copy: subrccsp.dll deleting local copy: subrccsp.dll deleting local copy: vvdex.dll deleting local copy: vvdex.dll deleting local copy: uutfs.dll deleting local copy: uutfs.dll deleting local copy: muxoci.dll deleting local copy: muxoci.dll deleting local copy: gqedit.dll deleting local copy: gqedit.dll deleting local copy: decompos.dll deleting local copy: decompos.dll deleting local copy: rXsser.dll deleting local copy: rXsser.dll deleting local copy: oupdx32.dll deleting local copy: oupdx32.dll deleting local copy: mcsec.dll deleting local 
copy: mcsec.dll deleting local copy: guard.tmp deleting local copy: guard.tmp The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] 
"Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 The following are the files found: **************************************************************************** C:\WINDOWS\system32\bRsesrv.dll C:\WINDOWS\system32\bRsesrv.dll C:\WINDOWS\system32\utpnpmgr.dll C:\WINDOWS\system32\utpnpmgr.dll C:\WINDOWS\system32\dqnhpast.dll C:\WINDOWS\system32\dqnhpast.dll C:\WINDOWS\system32\rhcdll.dll C:\WINDOWS\system32\rhcdll.dll C:\WINDOWS\system32\kfdtuf.dll 
C:\WINDOWS\system32\kfdtuf.dll C:\WINDOWS\system32\dksrslvr.dll C:\WINDOWS\system32\dksrslvr.dll C:\WINDOWS\system32\nbdsapi.dll C:\WINDOWS\system32\nbdsapi.dll C:\WINDOWS\system32\eaentcls.dll C:\WINDOWS\system32\eaentcls.dll C:\WINDOWS\system32\mxvidc32.dll C:\WINDOWS\system32\mxvidc32.dll C:\WINDOWS\system32\suripto.dll C:\WINDOWS\system32\suripto.dll C:\WINDOWS\system32\subrccsp.dll C:\WINDOWS\system32\subrccsp.dll C:\WINDOWS\system32\vvdex.dll C:\WINDOWS\system32\vvdex.dll C:\WINDOWS\system32\uutfs.dll C:\WINDOWS\system32\uutfs.dll C:\WINDOWS\system32\muxoci.dll C:\WINDOWS\system32\muxoci.dll C:\WINDOWS\system32\gqedit.dll C:\WINDOWS\system32\gqedit.dll C:\WINDOWS\system32\decompos.dll C:\WINDOWS\system32\decompos.dll C:\WINDOWS\system32\rXsser.dll C:\WINDOWS\system32\rXsser.dll C:\WINDOWS\system32\oupdx32.dll C:\WINDOWS\system32\oupdx32.dll C:\WINDOWS\system32\mcsec.dll C:\WINDOWS\system32\mcsec.dll C:\WINDOWS\system32\guard.tmp C:\WINDOWS\system32\guard.tmp Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. 
**************************************************************************** REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{886D5BAA-1FEA-479D-9FB2-1B8F9F5C3DC3}"=- [-HKEY_CLASSES_ROOT\CLSID\{886D5BAA-1FEA-479D-9FB2-1B8F9F5C3DC3}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] **************************************************************************** Desktop.ini Contents: **************************************************************************** [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} **************************************************************************** [/color:d23126d301] en Hijack this log [color=darkblue:d23126d301]Logfile of HijackThis v1.99.1 Scan saved at 12:40:04, on 9-8-2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Leon\Mijn documenten\Mijn ontvangen bestanden\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ctenschede.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - 
HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll O2 - BHO: (no name) - {E3C0031E-7F9D-4C9A-A077-325BCC1D8493} - C:\WINDOWS\System32\jmea.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 
Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://edapp01.saxion.nl/qp2.cab O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://ebmsg04.saxion.nl/iNotes6W.cab O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe[/color:d23126d301] In dit log staat bearshare nog in, ik heb alles gezocht en verwijderd.
  • The l2mfix run went well. Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
    O2 - BHO: (no name) - {E3C0031E-7F9D-4C9A-A077-325BCC1D8493} - C:\WINDOWS\System32\jmea.dll (file missing)
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    Close all windows except HijackThis. Click 'Fix checked' to remove the items. Make sure that operating system files and hidden files are visible (http://users.pandora.be/marcvn/spyware/1117602.htm). Delete the following directories/files:

    C:\Program Files\MyWay\
    C:\Program Files\BearShare\
    C:\WINDOWS\System32\msmsgs.exe

    Start CCleaner. CCleaner lets you configure what should be cleaned up. Select at least the following items:

    Internet Explorer:
    - Temporary Internet files
    System:
    - Empty Recycle Bin
    - Temporary files

    Now click the clean-up button in CCleaner (bottom right). Post a new HijackThis log once more as a check.
  • The HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:38:07, on 9-8-2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Leon\Mijn documenten\Mijn ontvangen bestanden\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ctenschede.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://edapp01.saxion.nl/qp2.cab
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://ebmsg04.saxion.nl/iNotes6W.cab
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
  • The log is fine again. Do still install SP2, because you currently only have SP1. Sjaak
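
The check done by eye in this thread (comparing the new scan against the list of entries that were to be fixed) can also be scripted. The following is an added example, not part of the original thread: the function names are hypothetical and the three log texts are shortened excerpts built from entries in the logs posted above.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" paths carry no section code.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of normalised entry lines found in a HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            code, details = match.groups()
            # Windows paths and registry names are case-insensitive and forum
            # software mangles spacing, so compare a normalised form.
            entries.add(f"{code} - {' '.join(details.split()).casefold()}")
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Compare two scans against the list of entries that were to be fixed."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    wanted = parse_entries(fix_list)
    return {
        "fixed": sorted((wanted & before) - after),
        "still_present": sorted(wanted & after),        # fix did not stick
        "not_in_first_scan": sorted(wanted - before),   # typo in the fix list?
        "lost_unasked": sorted(before - after - wanted),  # removed without being asked
        "new_since_fix": sorted(after - before),        # appeared after the fix
    }


# Shortened excerpts (constructed from entries in the thread's logs).
BEFORE_SCAN = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:40:04, on 9-8-2005
Running processes:
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ctenschede.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: (no name) - {E3C0031E-7F9D-4C9A-A077-325BCC1D8493} - C:\WINDOWS\System32\jmea.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

AFTER_SCAN = r"""Logfile of HijackThis v1.99.1
Scan saved at 14:38:07, on 9-8-2005
Running processes:
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ctenschede.com/
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

FIX_LIST = r"""R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: (no name) - {E3C0031E-7F9D-4C9A-A077-325BCC1D8493} - C:\WINDOWS\System32\jmea.dll (file missing)
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
"""

if __name__ == "__main__":
    for bucket, lines in verify_fix(BEFORE_SCAN, AFTER_SCAN, FIX_LIST).items():
        print(f"{bucket}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

An entry under `still_present` or `new_since_fix` means something restored or added it after the fix, so the scan should be repeated after a reboot before the machine is called clean.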


This is an archived page. Replies are no longer possible.