Help, start page problem: see Logfile of HijackThis

Anonymous
12 replies
 • Logfile of HijackThis v1.97.7
  Scan saved at 20:24:59, on 13-8-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Norton AntiVirus\SAVScan.exe
  C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
  C:\WINDOWS\System32\devldr32.exe
  C:\WINDOWS\System32\bca.exe
  D:\hijackthis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
  O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {39AB2571-A753-401F-8C8E-5E69BEC2A622} - C:\WINDOWS\System32\ebpg.dll
  O2 - BHO: (no name) - {4DDD3F59-C93C-2DB0-8752-115504A67B6E} - C:\WINDOWS\System32\veqcd.dll
  O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
  O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
  O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
  O9 - Extra button: Messenger (HKLM)
  O9 - Extra 'Tools' menuitem: Messenger (HKLM)
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
  O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:C:\iehelp.chm::/on-line.exe
  O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
  O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
  O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37882.4425115741
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 • I'll take a quick look at it (although the HijackThis version is well out of date).
 • Sorry, but I really need a log made with the latest HijackThis version.
  http://computercops.biz/downloads-file-328.html
 • Before you post the new HijackThis log from version 1.98.2 that Rieske is asking for, you should uninstall Twain-tech. (Control Panel - Add or Remove Programs - Change or Remove Programs)
 • Logfile of HijackThis v1.98.2
  Scan saved at 19:50:10, on 15-8-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Norton AntiVirus\SAVScan.exe
  C:\Program Files\D-Tools\daemon.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  C:\Program Files\E-Color\Common\IconMgr.exe
  C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
  C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
  C:\WINDOWS\System32\devldr32.exe
  D:\hijackthis\Nieuwe map\HijackThis.exe
  C:\WINDOWS\system32\NOTEPAD.EXE

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {39AB2571-A753-401F-8C8E-5E69BEC2A622} - C:\WINDOWS\System32\ebpg.dll
  O2 - BHO: (no name) - {4DDD3F59-C93C-2DB0-8752-115504A67B6E} - C:\WINDOWS\System32\veqcd.dll
  O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
  O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
  O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:C:\iehelp.chm::/on-line.exe
  O18 - Filter: text/html - {642604B8-B38C-4EE3-A3F7-CBCFE37B6139} - C:\WINDOWS\System32\ebpg.dll
  O18 - Filter: text/plain - {642604B8-B38C-4EE3-A3F7-CBCFE37B6139} - C:\WINDOWS\System32\ebpg.dll
  O21 - SSODL: System - {F34CFDA2-D375-4D97-825E-DA88D8036367} - (no file)
 • move to B&P

  t.
 • Have you already uninstalled Twaintec, as Marc asked?
 • Go to Control Panel - Add or Remove Programs - Change or Remove Programs. Uninstall Twain Tech.
  Save HijackThis in a folder of its own, not on your desktop or in your Temp files, because HijackThis creates backups in the folder it is started from.
  Close all open windows, run HijackThis once more and have it fix the following items:

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

  O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll

  O2 - BHO: (no name) - {39AB2571-A753-401F-8C8E-5E69BEC2A622} - C:\WINDOWS\System32\ebpg.dll
  O2 - BHO: (no name) - {4DDD3F59-C93C-2DB0-8752-115504A67B6E} - C:\WINDOWS\System32\veqcd.dll
  O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)

  O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

  Download Appinit.bat.
  Unzip it to your desktop. Click appinit.bat. A 'DOS box' appears very briefly and a file windows.txt is created. Copy and paste the contents of this file together with a new HijackThis log into your next post.

  Regards,
 • …words out of my mouth. See a Gardena racing past…
  Not removing these yet?
  O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:C:\iehelp.chm::/on-line.exe
  O18 - Filter: text/html - {642604B8-B38C-4EE3-A3F7-CBCFE37B6139} - C:\WINDOWS\System32\ebpg.dll
  O18 - Filter: text/plain - {642604B8-B38C-4EE3-A3F7-CBCFE37B6139} - C:\WINDOWS\System32\ebpg.dll
  O21 - SSODL: System - {F34CFDA2-D375-4D97-825E-DA88D8036367} - (no file)
 • Thanks for your help, it works fine again.
  :lol:

  Regards, hk
 • Please post a new log as well.
 • Quote from =Rieske=:
    Not removing these yet?
    O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:C:\iehelp.chm::/on-line.exe
    O18 - Filter: text/html - {642604B8-B38C-4EE3-A3F7-CBCFE37B6139} - C:\WINDOWS\System32\ebpg.dll
    O18 - Filter: text/plain - {642604B8-B38C-4EE3-A3F7-CBCFE37B6139} - C:\WINDOWS\System32\ebpg.dll
    O21 - SSODL: System - {F34CFDA2-D375-4D97-825E-DA88D8036367} - (no file)

  I looked into it a bit further; I had left them in because I wasn't sure about them, but they have to go.
  The CLSIDs are random. (That's typical.)

  I am curious whether HijackThis can fix them…

  Please also post the result of appinit.bat.
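
An added example (not part of the original thread and not HijackThis's own logic): a small Python triage pass over HijackThis log lines that applies the patterns the helpers in this thread acted on, namely IE search settings pointing at a local file, entries marked `(no file)`, BHO DLLs placed directly in the Windows directory, a non-HTTP ActiveX source, and other entry types that load an already flagged DLL. The function name `triage`, the rule set and the reason strings are assumptions made for illustration; a hit means "review this entry by hand", not a verdict.

```python
import re

# Constructed sample: ten entries copied from the v1.98.2 log in this thread.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Kornelis\LOCALS~1\Temp\sp.html
O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {39AB2571-A753-401F-8C8E-5E69BEC2A622} - C:\WINDOWS\System32\ebpg.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:C:\iehelp.chm::/on-line.exe
O18 - Filter: text/html - {642604B8-B38C-4EE3-A3F7-CBCFE37B6139} - C:\WINDOWS\System32\ebpg.dll
O21 - SSODL: System - {F34CFDA2-D375-4D97-825E-DA88D8036367} - (no file)
"""

ENTRY = re.compile(r"^\s*([RO]\d+) - (.*)$")
# DLL placed directly in the Windows or System32 directory (heuristic, an assumption)
WIN_DLL = re.compile(r"C:\\WINDOWS\\(?:System32\\)?[^\\]+\.dll$", re.I)

def triage(log_text):
    """Return [(code, reason, entry)] for log entries that deserve a manual look."""
    matches = map(ENTRY.match, log_text.splitlines())
    entries = [(m.group(1), m.group(2).strip()) for m in matches if m]
    findings, flagged = [], set()
    for code, body in entries:
        dll = WIN_DLL.search(body)
        reason = None
        if code in ("R0", "R1") and " = file://" in body:
            reason = "IE search/start setting points at a local file"
        elif body.endswith("(no file)"):
            reason = "registry entry whose file is missing"
        elif code == "O2" and dll:
            reason = "BHO DLL sits directly in the Windows directory"
            flagged.add(dll.group(0).lower())
        elif code == "O16" and not re.search(r" - https?://", body):
            reason = "ActiveX download source is not an http(s) URL"
        if reason:
            findings.append((code, reason, body))
    # Second pass: non-BHO entries (e.g. O18 filters) that load a flagged DLL
    for code, body in entries:
        dll = WIN_DLL.search(body)
        if code != "O2" and dll and dll.group(0).lower() in flagged:
            findings.append((code, "loads a DLL already flagged as a BHO", body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE):
        print(f"{code:4} {reason}: {body}")
```

The second pass is what ties the O18 filter lines to `ebpg.dll`, the same file that is registered as a BHO.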

This is an archived page. Replies are no longer possible.