Vraag & Antwoord

Beveiliging & privacy

ck.maxifiles redirect bij google + mn hijackthis logje

Anoniem
gjbrand
7 antwoorden
  • Ik heb dus een probleem. Als ik op google op een link klik, word ik niet naar de betreffende pagina geleid, maar naar een rare pagina via ck.maxiles/……. . Ik heb er al heeeel veel antivirus programmas voor gebruikt maar ik kom er niet uit. Ik heb ondermeer Spyware blaster, spysweeper, ad aware, spybot serach and destroy, NOD32 en nog veel meer gebruikt, maar het probleem gaat niet weg.

    Dit is mijn hijackthislog file:

    Logfile of HijackThis v1.99.1
    Scan saved at 17:15:15, on 22-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\IFXSPMGT.exe
    C:\WINDOWS\system32\IFXTCS.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
    C:\Program Files\Infineon\Security Platform Software\SpTna.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Elantech\ktp.exe
    C:\WINDOWS\system32\tsnp2std.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
    C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
    C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Brindsteiger\Bureaublad\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [Smart Watch Dog] -C:\Program Files\Compal Electronics, INC\Smart Watchdog\SmartWD.exe
    O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
    O4 - HKLM\..\Run: [Sidewalker] C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
    O4 - HKLM\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.nl/
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.astonmartin.com/configurator/db9volante_load.html
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{16E42A12-1F93-4F2B-8D3D-1E6A0E9A3FC2}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CCS\Services\Tcpip\..\{39A0485F-DCCB-43FC-B892-B20AE22B3F49}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8E4728A0-518D-40D5-9824-F5F078D9C33F}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CCS\Services\Tcpip\..\{945040DD-639C-4E3D-AD04-C3841C56F320}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DEDA7820-7BE1-48D0-AD6B-C737ADC857FD}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F77D7BEA-966C-4304-92F4-69F084BA572B}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.53 85.255.112.217
    O17 - HKLM\System\CS1\Services\Tcpip\..\{16E42A12-1F93-4F2B-8D3D-1E6A0E9A3FC2}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.53 85.255.112.217
    O17 - HKLM\System\CS2\Services\Tcpip\..\{16E42A12-1F93-4F2B-8D3D-1E6A0E9A3FC2}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.53 85.255.112.217
    O20 - Winlogon Notify: IfxWlxEN - C:\WINDOWS\SYSTEM32\IfxWlxEN.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
    O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • Heb nu ook windows live onecare gebruikt, hier is ook weer het een en ander door veranderd. Ik heb geen idee of dit wat verschilt voor de hijackthis file, maar voor de zekerheid is hier mn laatste log:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:05:22, on 22-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\IFXSPMGT.exe
    C:\WINDOWS\system32\IFXTCS.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
    C:\Program Files\Infineon\Security Platform Software\SpTna.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Elantech\ktp.exe
    C:\WINDOWS\system32\tsnp2std.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
    C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
    C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Brindsteiger\Bureaublad\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [Smart Watch Dog] -C:\Program Files\Compal Electronics, INC\Smart Watchdog\SmartWD.exe
    O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
    O4 - HKLM\..\Run: [Sidewalker] C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
    O4 - HKLM\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.nl/
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.astonmartin.com/configurator/db9volante_load.html
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{16E42A12-1F93-4F2B-8D3D-1E6A0E9A3FC2}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CCS\Services\Tcpip\..\{39A0485F-DCCB-43FC-B892-B20AE22B3F49}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8E4728A0-518D-40D5-9824-F5F078D9C33F}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CCS\Services\Tcpip\..\{945040DD-639C-4E3D-AD04-C3841C56F320}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DEDA7820-7BE1-48D0-AD6B-C737ADC857FD}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F77D7BEA-966C-4304-92F4-69F084BA572B}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.53 85.255.112.217
    O17 - HKLM\System\CS1\Services\Tcpip\..\{16E42A12-1F93-4F2B-8D3D-1E6A0E9A3FC2}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.53 85.255.112.217
    O17 - HKLM\System\CS2\Services\Tcpip\..\{16E42A12-1F93-4F2B-8D3D-1E6A0E9A3FC2}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.53 85.255.112.217
    O20 - Winlogon Notify: IfxWlxEN - C:\WINDOWS\SYSTEM32\IfxWlxEN.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
    O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • Dat zal geen effect hebben, je hebt een wareout infectie. Momentje ik zal de fix er even inzetten.
  • Start HJT opnieuw en doe een systemscan only, vink onderstaande regels aan sluit alle vensters behalve HJT en klik dan op fix checked.

    [code:1:f886dd2d1e]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O17 - HKLM\System\CCS\Services\Tcpip\..\{16E42A12-1F93-4F2B-8D3D-1E6A0E9A3FC2}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CCS\Services\Tcpip\..\{39A0485F-DCCB-43FC-B892-B20AE22B3F49}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8E4728A0-518D-40D5-9824-F5F078D9C33F}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CCS\Services\Tcpip\..\{945040DD-639C-4E3D-AD04-C3841C56F320}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DEDA7820-7BE1-48D0-AD6B-C737ADC857FD}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F77D7BEA-966C-4304-92F4-69F084BA572B}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.53 85.255.112.217
    O17 - HKLM\System\CS1\Services\Tcpip\..\{16E42A12-1F93-4F2B-8D3D-1E6A0E9A3FC2}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.53 85.255.112.217
    O17 - HKLM\System\CS2\Services\Tcpip\..\{16E42A12-1F93-4F2B-8D3D-1E6A0E9A3FC2}: NameServer = 85.255.115.53,85.255.112.217
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.53 85.255.112.217 [/code:1:f886dd2d1e]


    Download de
  • Bedankt heb alles volgensmij uitgevoerd, hier is de report en de nieuwe HJT log:


    Fixwareout
    Last edited 1/14/2006
    Post this report in the forums please

    Prerun check
    »»»»» HKLM run and Winlogon System values
    C:\WINDOWS\system32\kdywl.exe will be moved to C:\WINDOWS\temp\kdywl.ren at reboot.
    »»»»» System restarted

    Reg Entries that were deleted

    Random Runs removed from HKLM


    PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    »»»»» Searching by size/names…

    »»»»»
    Search five digit cs, dm kd and jb files.
    This WILL/CAN also list Legit Files, Submit them at Virustotal

    Other suspects.

    »»»»» Misc files.

    »»»»» Checking for older varients covered by the Rem3 tool.

    »»»»» Postrun check
    »»»»» HKLM run
    »»»»» Winlogon System value
    "system"=""
    »»»»»




    HJT log:


    Logfile of HijackThis v1.99.1
    Scan saved at 23:18:17, on 22-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\IFXSPMGT.exe
    C:\WINDOWS\system32\IFXTCS.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
    C:\Program Files\Infineon\Security Platform Software\SpTna.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Elantech\ktp.exe
    C:\WINDOWS\system32\tsnp2std.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
    C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
    C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Brindsteiger\Bureaublad\nieuwsgroepen\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [Smart Watch Dog] -C:\Program Files\Compal Electronics, INC\Smart Watchdog\SmartWD.exe
    O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
    O4 - HKLM\..\Run: [Sidewalker] C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
    O4 - HKLM\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [mnu] C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.nl/
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.astonmartin.com/configurator/db9volante_load.html
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O20 - Winlogon Notify: IfxWlxEN - C:\WINDOWS\SYSTEM32\IfxWlxEN.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
    O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • Hoe is het met de problemen, het logje ziet er wel aardig uit.
  • Ik weet het niet, heb geprobeerd zo weinig mogelijk te doen tot de problemen waren opgelost. Ik zal eens kijken of google weer gewoon werkt :D

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.