Archief - CHECK : Hijack lijst

Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
Z

ZyphO

Legacy Member
Logfile of HijackThis v1.97.7
Scan saved at 23:39:05, on 14/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\firewallsp2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\NotifyPhoneBook.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\sysmsvc.exe
C:\WINDOWS\System32\scvhost.exe
C:\WINDOWS\System32\Msconf32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Vandewoude\Mijn documenten\Mijn ontvangen bestanden\HijackThis.exe
C:\WINDOWS\system32\sysmsvc.exe
C:\WINDOWS\system32\sysmsvc.exe
C:\WINDOWS\system32\sysmsvc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4276
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4276
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.beyondgaming.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [Microsoft Firewall] firewallsp2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\Run: [Microsoft Service Manager] scvhost.exe
O4 - HKLM\..\Run: [Msconf32] Msconf32.exe
O4 - HKLM\..\RunServices: [Microsoft Firewall] firewallsp2.exe
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\RunServices: [Microsoft Service Manager] scvhost.exe
O4 - HKLM\..\RunServices: [Msconf32] Msconf32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{776CBA0D-7D8D-48DE-A49F-6A281D95D6BF}: NameServer = 195.238.2.22 195.238.2.21

moet wel zeggen ik zie staan firewallsp2 maar heb nooit niets van SP2 geupgrade ?? :eek:
s

st3ph3n

Legacy Member
Malware processen:
C:\WINDOWS\System32\firewallsp2.exe
C:\WINDOWS\System32\sysmsvc.exe
C:\WINDOWS\System32\scvhost.exe
C:\WINDOWS\System32\Msconf32.exe
C:\WINDOWS\system32\sysmsvc.exe
C:\WINDOWS\system32\sysmsvc.exe
C:\WINDOWS\system32\sysmsvc.exe

Te fixen:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4276
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4276
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\Run: [Microsoft Service Manager] scvhost.exe
O4 - HKLM\..\Run: [Msconf32] Msconf32.exe
O4 - HKLM\..\RunServices: [Microsoft Firewall] firewallsp2.exe
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\RunServices: [Microsoft Service Manager] scvhost.exe
O4 - HKLM\..\RunServices: [Msconf32] Msconf32.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} -

Steven
Z

ZyphO

Legacy Member
eenmaal heb ik nu 3 pc's thuis staan :baard:
mss wel domme vraag maar. die malware moet dat worden verwijderd ???

Van me Broer :

Logfile of HijackThis v1.98.2
Scan saved at 21:54:13, on 15/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\ewupdater.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\NotifyPhoneBook.exe
C:\WINDOWS\System32\sysmsvc.exe
C:\WINDOWS\System32\wuguard.exe
C:\WINDOWS\System32\mediaplayer32.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Vandewoude\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easywebsearch.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.easywebsearch.nl/ie.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.beyondgaming.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easywebsearch.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.easywebsearch.nl/ie.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.easywebsearch.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.easywebsearch.nl/ie.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.easywebsearch.nl/ie.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\Run: [Microsoft uptade] wuguard.exe
O4 - HKLM\..\Run: [Start Upping] mediaplayer32.exe
O4 - HKLM\..\Run: [Microsoft Help] xppatch.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\RunServices: [Microsoft uptade] wuguard.exe
O4 - HKLM\..\RunServices: [Start Upping] mediaplayer32.exe
O4 - HKLM\..\RunServices: [Microsoft Help] xppatch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Start Upping] mediaplayer32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6} (Easywebinstaller Control) -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E21CAE1A-A028-44DC-AEB8-2CB839A6FDE5}: NameServer = 195.238.2.22 195.238.2.21

--------------------------------------------------------------------
--------------------------------------------------------------------

Van mijn Pc :

Logfile of HijackThis v1.98.2
Scan saved at 22:00:33, on 15/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\Software For Games\The All-Seeing Eye\eye.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Zypho\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.beyondgaming.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.beyondgaming.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = proxy.skynet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\MCAGENT.EXE
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: fix.bat.lnk = C:\fix.bat
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Privacy-balk - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing
O16 - DPF: FortisCzPc - https://www.fortisbanking.be/FortisCzPC.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,83/mcinsctl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/nl/1,0,0,20/mcgdmgr.cab
O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - https://www.novaworld.com/NWCommunities/beta/NLSysInfo.ocx
s

st3ph3n

Legacy Member
Die malware processen kan je afsluiten via Taakbeheer (Ctrl-Shift-Escape) alvorens te fixen, maar bij de meesta ad/spyware is dit niet nodig. Het is enkel wanneer de problemen (popups oid) blijven dat je de processen eerst moet beëindigen. Een alternatief aan de Taakmanager is opstarten in Veilige Modus waar die processen zowiezo niet geladen worden.

* Broers pc
Malware processen:
C:\WINDOWS\ewupdater.exe
C:\WINDOWS\System32\sysmsvc.exe
C:\WINDOWS\System32\wuguard.exe
C:\WINDOWS\System32\mediaplayer32.exe

Te fixen:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easywebsearch.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.easywebsearch.nl/ie.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easywebsearch.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.easywebsearch.nl/ie.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.easywebsearch.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.easywebsearch.nl/ie.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.easywebsearch.nl/ie.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\Run: [Microsoft uptade] wuguard.exe
O4 - HKLM\..\Run: [Start Upping] mediaplayer32.exe
O4 - HKLM\..\Run: [Microsoft Help] xppatch.exe
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\RunServices: [Microsoft uptade] wuguard.exe
O4 - HKLM\..\RunServices: [Start Upping] mediaplayer32.exe
O4 - HKLM\..\RunServices: [Microsoft Help] xppatch.exe
O4 - HKCU\..\Run: [Start Upping] mediaplayer32.exe
O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6} (Easywebinstaller Control) -

* Uw pc
Te fixen:
O4 - Startup: PowerReg Scheduler.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing

Andere:
O4 - Startup: fix.bat.lnk = C:\fix.bat
>> Een bat(ch)bestand gebruik je om taken te automatiseren. Ik weet niet wat dit bepaalde bat-bestand doet. Als je niet weet wat dit doet moet je het eens openen in Kladblok (of een andere tekstverwerker) en de inhoud hier posten.

Steven
Z

ZyphO

Legacy Member
ok dit is nu al opgelost en voor die fix.bat had je al eens bekeken en je zei dat ik het moest laten staan :).

nu die andere problemen dan trug
Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
Terug
Bovenaan