Archief - Last van popups

Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.

h0pe

Legacy Member
Kwas er gisteren en eergisteren vanaf, nu zijn ze terug :doh:



Logfile of HijackThis v1.99.1
Scan saved at 13:00:55, on 5/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\System32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\NMSSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
D:\Program Files\Valve\Steam2\Steam.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Windows\explorer.exe
C:\Documents and Settings\snt2\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0813/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0813/bl7.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1043
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Mi7sft sdce] scorti.exe
O4 - HKLM\..\RunServices: [MS Windows System Alert] MSWSA32.exe
O4 - HKLM\..\RunServices: [Windows Workstation Service] wor.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4357D768-D789-4E46-9D7F-F52055A7C69E}: NameServer = 100.0.0.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{500EE26E-5E0D-48EA-9456-FB688319C1A9}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll,C:\Windows\System32\wmfhotfix.dll
O20 - Winlogon Notify: DateTime - C:\Windows\system32\ayddi.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\Windows\System32\NavLogon.dll
O20 - Winlogon Notify: SideBySide - C:\Windows\system32\hr2m05f1e.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\System32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: fwnet64 (fwnet) - Unknown owner - C:\Windows\fwnet64.exe (file missing)
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: netconf32 - Unknown owner - C:\Windows\netconf32.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Jurgenv1

Legacy Member
Download Look2Me-Destroyer.exe naar je bureaublad.
  • Sluit alle open venster.
  • Dubbelklik Look2Me-Destroyer.exe om het te starten.
  • Zet een vinkje naast Run this program as a task.
  • Je zal een melding krijgen met: 'Look2Me-Destroyer will close and re-open in approximately 10 seconds'. Klik OK
  • Wanneer Look2Me-Remover opnieuw opent, Klik de Scan for L2M knop.
  • Je bureaublad icoontjes en taakbalk zullen verdwijnen, dit is normaal.
  • Eénmaal gedaan met scannen, klik de Remove L2M knop.
  • Je zal de boodschap Done Scanning krijgen, klik OK.
  • Nadien zal je volgende melding krijgen: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, klik OK.
  • Je computer zal dan afsluiten.
  • Start je computer opnieuw op.
  • Post de inhoud van C:\Look2Me-Destroyer.txt samen met een nieuw hijackthislogje.
Indien je een alert krijgt van je firewall dat dit programma probeert toegang te krijgen met het internet, sta het toe en blokkeer het niet!

Indien je een runtime error '339' krijgt, download MSWINSCK.OCX via onderstaande link en plaats het in je C:\Windows\System32 map.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Jurgenv1

Legacy Member
er is nog meer troep aanwezig hoor ;) dus post de inhoud van C:\Look2Me-Destroyer.txt samen met een nieuw hijackthislogje.

h0pe

Legacy Member
Look2me-Destroyer LOG:


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 5/04/2006 13:19:02

Infected! C:\Windows\system32\jt4407hqe.dll
Infected! C:\Windows\system32\hr2m05f1e.dll
Infected! C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP188\A0052442.dll
Infected! C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP188\A0052444.dll
Infected! C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP188\A0052839.dll
Infected! C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP188\A0052853.dll
Infected! C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP188\A0052857.dll
Infected! C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP191\A0053277.dll
Infected! C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP191\A0053279.dll
Infected! C:\WINDOWS\system32\ajtxprxy.dll
Infected! C:\WINDOWS\system32\cxmsvcs.dll
Infected! C:\WINDOWS\system32\dnl4013qe.dll
Infected! C:\WINDOWS\system32\j2j6lc1s1f.dll
Infected! C:\WINDOWS\system32\jt4407hqe.dll
Infected! C:\Windows\System32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\Windows\system32\jt4407hqe.dll
C:\Windows\system32\jt4407hqe.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP188\A0052442.dll
C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP188\A0052442.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP188\A0052444.dll
C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP188\A0052444.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP188\A0052839.dll
C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP188\A0052839.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP188\A0052853.dll
C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP188\A0052853.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP188\A0052857.dll
C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP188\A0052857.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP191\A0053277.dll
C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP191\A0053277.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP191\A0053279.dll
C:\System Volume Information\_restore{0FE1A2C9-CA12-4321-8680-61DF080BBDF5}\RP191\A0053279.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ajtxprxy.dll
C:\WINDOWS\system32\ajtxprxy.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\cxmsvcs.dll
C:\WINDOWS\system32\cxmsvcs.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dnl4013qe.dll
C:\WINDOWS\system32\dnl4013qe.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\j2j6lc1s1f.dll
C:\WINDOWS\system32\j2j6lc1s1f.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\jt4407hqe.dll
C:\WINDOWS\system32\jt4407hqe.dll Deleted successfully!

Attempting to delete: C:\Windows\System32\guard.tmp
C:\Windows\System32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SideBySide

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{62F720E8-DEEB-4CFD-87DD-DF3FA96717DE}"
HKCR\Clsid\{62F720E8-DEEB-4CFD-87DD-DF3FA96717DE}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9F01E012-D3FF-42A5-9E37-37C0AFC59BB4}"
HKCR\Clsid\{9F01E012-D3FF-42A5-9E37-37C0AFC59BB4}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{710834F8-DEE3-4182-BE8B-065F32EA3AD0}"
HKCR\Clsid\{710834F8-DEE3-4182-BE8B-065F32EA3AD0}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{19101D83-D7FA-4E63-80B6-D0380E9297E3}"
HKCR\Clsid\{19101D83-D7FA-4E63-80B6-D0380E9297E3}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6A9CAB1E-96F3-4F8E-9D3B-2C9F696C8247}"
HKCR\Clsid\{6A9CAB1E-96F3-4F8E-9D3B-2C9F696C8247}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{3D0C7782-6F58-4D61-9A9A-BDC44739AAFD}"
HKCR\Clsid\{3D0C7782-6F58-4D61-9A9A-BDC44739AAFD}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

HijackThis LOG:

Logfile of HijackThis v1.99.1
Scan saved at 16:06:52, on 5/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\System32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\NMSSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
D:\Program Files\Valve\Steam2\Steam.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\Documents and Settings\snt\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1043
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\RunServices: [Mi7sft sdce] scorti.exe
O4 - HKLM\..\RunServices: [MS Windows System Alert] MSWSA32.exe
O4 - HKLM\..\RunServices: [Windows Workstation Service] wor.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4357D768-D789-4E46-9D7F-F52055A7C69E}: NameServer = 100.0.0.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{500EE26E-5E0D-48EA-9456-FB688319C1A9}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll,C:\Windows\System32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\Windows\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\System32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: fwnet64 (fwnet) - Unknown owner - C:\Windows\fwnet64.exe (file missing)
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: netconf32 - Unknown owner - C:\Windows\netconf32.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Jurgenv1

Legacy Member
* Download Brute Force Uninstaller.
Unzip/pak het uit naar zijn eigen map op je C:\ (c:\BFU).
Lees hier hoe je op de juiste wijze moet unzippen/uitpakken:
http://home.planet.nl/~kleyn080/unzippenXPuitleg.html

Start the Brute Force Uninstaller door te dubbelklikken op BFU.exe

Naast 'scriptfile to execute'-venster zal je een klein icoontje zien:
bfuicon.JPG

Klik op dat icoontje en een nieuw venster zal openen.
Bovenaan zie je staan: 'Please enter the full URL to the sript you want to execute'
In het venster kopieer en plak je volgende url:

http://metallica.geekstogo.com/alcanshorty.bfu

Klik OK
Daarna klik je execute in Brute Force Uninstaller.

Wacht tot je de boodschap complete script execution te zien krijgt en klik daarna op OK.
Klik exit om het programma te beeïndigen.


* Download, installeer en update de free trial versie van Ewido anti-malware

  1. Tijdens de installatie, onder "Additional Options", haal je de vinkjes weg bij "Install background guard" en "Install scan via context menu".
  2. Als je Ewido voor de eerste keer runt, zal je een foutmelding krijgen "Database could not be found!". Klik dan op OK. Dit is normaal.
  3. In het hoofdscherm van Ewido, klik je op update in het linker menu, en vervolgens op de Start update knop.
  4. Als de updates gedaan zijn, zal er op de status bar beneden "Update successful" staan.
  5. Sluit Ewido. Laat het nog niet scannen

* Als je Adaware SE nog niet geïnstalleerd hebt, download, installeer en update het dan volgens de richtlijnen
die je kan vinden op: http://users.pandora.be/marcvn/spyware/1414188.htm

* Start je computer op in VEILIGE MODUS


* open hijackthis en vink volgende regels aan:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [Mi7sft sdce] scorti.exe
O4 - HKLM\..\RunServices: [MS Windows System Alert] MSWSA32.exe
O4 - HKLM\..\RunServices: [Windows Workstation Service] wor.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O23 - Service: fwnet64 (fwnet) - Unknown owner - C:\Windows\fwnet64.exe (file missing)
O23 - Service: netconf32 - Unknown owner - C:\Windows\netconf32.exe (file missing)


* sluit dan alle vensters behalve hijackthis en klik op 'fix checked'

* verwijder volgende bestanden indien aanwezig:

C:\Windows\System32\winlog.exe
C:\Windows\System32\scorti.exe
C:\Windows\System32\MSWSA32.exe
C:\Windows\System32\wor.exe
C:\Windows\System32\taskmnegr.exe
C:\Windows\fwnet64.exe
C:\Windows\netconf32.exe

* Voer een volledige scan uit met Adaware en verwijder alles wat gevonden wordt.

* Open Ewido Security Suite
  • klik op Scanner
  • Klik op complete system scan
  • Laat het programma je pc scannen
Tijdens de scan zal je gevraagd worden of je gevonden bestanden wil verwijderen. Klik dan op OK
Als de scan beëindigd is, zal je een knop zien Bewaar rapport
  • Klik op Bewaar rapport
  • Sla het rapport op op je bureaublad
  • Sluit Ewido af

* start je pc weer normaal

* Download ATF cleaner (by Atribune)

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Gebruik je ook Firefox als browser:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit verwijdert het vinkje bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Gebruik je ook Opera als browser:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

* post dan een nieuw hijackthis logje hier + het rapport van ewido
Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
Terug
Bovenaan